CVE-2020-7788 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-7788 Interim 1 4 2025-02-17T01:36:59Z current 2023-10-31T00:38:55Z 2025-02-17T01:36:59Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-7788 This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Liberty Linux 9 nodejs-16.13.1-3.module+el8.5.0+13548+45d748af nodejs-16.16.0-1.el9_0 nodejs-devel-16.13.1-3.module+el8.5.0+13548+45d748af nodejs-docs-16.13.1-3.module+el8.5.0+13548+45d748af nodejs-docs-16.16.0-1.el9_0 nodejs-full-i18n-16.13.1-3.module+el8.5.0+13548+45d748af nodejs-full-i18n-16.16.0-1.el9_0 nodejs-libs-16.16.0-1.el9_0 nodejs-nodemon-2.0.15-1.module+el8.5.0+13548+45d748af nodejs-nodemon-2.0.19-1.el9_0 nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06 npm-8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af npm-8.11.0-1.16.16.0.1.el9_0 nodejs-16.13.1-3.module+el8.5.0+13548+45d748af as a component of SUSE Liberty Linux 8 nodejs-devel-16.13.1-3.module+el8.5.0+13548+45d748af as a component of SUSE Liberty Linux 8 nodejs-docs-16.13.1-3.module+el8.5.0+13548+45d748af as a component of SUSE Liberty Linux 8 nodejs-full-i18n-16.13.1-3.module+el8.5.0+13548+45d748af as a component of SUSE Liberty Linux 8 nodejs-nodemon-2.0.15-1.module+el8.5.0+13548+45d748af as a component of SUSE Liberty Linux 8 nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06 as a component of SUSE Liberty Linux 8 npm-8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af as a component of SUSE Liberty Linux 8 nodejs-16.16.0-1.el9_0 as a component of SUSE Liberty Linux 9 nodejs-docs-16.16.0-1.el9_0 as a component of SUSE Liberty Linux 9 nodejs-full-i18n-16.16.0-1.el9_0 as a component of SUSE Liberty Linux 9 nodejs-libs-16.16.0-1.el9_0 as a component of SUSE Liberty Linux 9 nodejs-nodemon-2.0.19-1.el9_0 as a component of SUSE Liberty Linux 9 npm-8.11.0-1.16.16.0.1.el9_0 as a component of SUSE Liberty Linux 9 This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. CVE-2020-7788 SUSE Liberty Linux 8:nodejs-16.13.1-3.module+el8.5.0+13548+45d748af SUSE Liberty Linux 8:nodejs-devel-16.13.1-3.module+el8.5.0+13548+45d748af SUSE Liberty Linux 8:nodejs-docs-16.13.1-3.module+el8.5.0+13548+45d748af SUSE Liberty Linux 8:nodejs-full-i18n-16.13.1-3.module+el8.5.0+13548+45d748af SUSE Liberty Linux 8:nodejs-nodemon-2.0.15-1.module+el8.5.0+13548+45d748af SUSE Liberty Linux 8:nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06 SUSE Liberty Linux 8:npm-8.1.2-1.16.13.1.3.module+el8.5.0+13548+45d748af SUSE Liberty Linux 9:nodejs-16.16.0-1.el9_0 SUSE Liberty Linux 9:nodejs-docs-16.16.0-1.el9_0 SUSE Liberty Linux 9:nodejs-full-i18n-16.16.0-1.el9_0 SUSE Liberty Linux 9:nodejs-libs-16.16.0-1.el9_0 SUSE Liberty Linux 9:nodejs-nodemon-2.0.19-1.el9_0 SUSE Liberty Linux 9:npm-8.11.0-1.16.16.0.1.el9_0 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H