Vulnerability Details CVE-2020-28441
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2020-28441
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.0
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.1
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.2
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.3
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.4
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.5
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.6
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.7
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.8
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.9
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.1.0
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.1.1
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.2.0
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.2.1