Vulnerability Details CVE-2020-28441
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.2%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2020-28441
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.0
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.1
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.2
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.3
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.4
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.5
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.6
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.7
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.8
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.0.9
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.1.0
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.1.1
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.2.0
-
cpe:2.3:a:conf-cfg-ini_project:conf-cfg-ini:1.2.1