multi-ini
npm2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting multi-inipage 1 of 1
- CVE-2020-28448MEDIUMCVSS 5.6EG 5.6✓ Fixed in 2.1.12020-12-22
This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.
- CVE-2020-28460MEDIUMCVSS 5.6EG 5.6✓ Fixed in 2.1.22020-12-22
This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.
Check whether multi-ini is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for multi-ini CVEs against the assets you own.
Start Free Scan →