VulnerableCode Package Details

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7tyw-ppyt-zqgr	ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse ### Overview The `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context. ### Patches This has been patched in 1.3.6. ### Steps to reproduce payload.ini ``` [__proto__] polluted = "polluted" ``` poc.js: ``` var fs = require('fs') var ini = require('ini') var parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8')) console.log(parsed) console.log(parsed.__proto__) console.log(polluted) ``` ``` > node poc.js {} { polluted: 'polluted' } { polluted: 'polluted' } polluted ```	CVE-2020-7788 GHSA-qqgx-2p2h-9c37

Vulnerability

Summary

Aliases

VCID-7tyw-ppyt-zqgr

ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse ### Overview The `ini` npm package before version 1.3.6 has a Prototype Pollution vulnerability. If an attacker submits a malicious INI file to an application that parses it with `ini.parse`, they will pollute the prototype on the application. This can be exploited further depending on the context. ### Patches This has been patched in 1.3.6. ### Steps to reproduce payload.ini ``` [__proto__] polluted = "polluted" ``` poc.js: ``` var fs = require('fs') var ini = require('ini') var parsed = ini.parse(fs.readFileSync('./payload.ini', 'utf-8')) console.log(parsed) console.log(parsed.__proto__) console.log(polluted) ``` ``` > node poc.js {} { polluted: 'polluted' } { polluted: 'polluted' } polluted ```

CVE-2020-7788
GHSA-qqgx-2p2h-9c37

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:15:03.652173+00:00	GitLab Importer	Fixing	VCID-7tyw-ppyt-zqgr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ini/CVE-2020-7788.yml	38.4.0
2026-04-11T22:27:11.749384+00:00	GitLab Importer	Fixing	VCID-7tyw-ppyt-zqgr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ini/CVE-2020-7788.yml	38.3.0
2026-04-02T22:38:53.521793+00:00	GitLab Importer	Fixing	VCID-7tyw-ppyt-zqgr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ini/CVE-2020-7788.yml	38.1.0
2026-04-02T16:56:03.699048+00:00	GHSA Importer	Fixing	VCID-7tyw-ppyt-zqgr	https://github.com/advisories/GHSA-qqgx-2p2h-9c37	38.1.0
2026-04-01T16:56:17.977746+00:00	GitLab Importer	Fixing	VCID-7tyw-ppyt-zqgr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/ini/CVE-2020-7788.yml	38.0.0
2026-04-01T13:00:02.220254+00:00	GithubOSV Importer	Fixing	VCID-7tyw-ppyt-zqgr	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/12/GHSA-qqgx-2p2h-9c37/GHSA-qqgx-2p2h-9c37.json	38.0.0