[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-7788":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":103,"duplicate_of":9,"upstream":105,"downstream":106,"duplicates":139,"related":140,"reserved_at":9,"published_at":160,"modified_at":161,"state":162,"summary":163,"references_raw":171,"kevs":206,"epss":207,"epss_history":210,"metrics":468,"affected":486},"CVE-2020-7788","This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1321","Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","weakness","Incomplete","Variant",[19,67,89],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[71],{"id":24,"name":25,"tactics":72,"countermeasures":78},[73,74,75,76,77],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[79,81,83,85,87],{"id":44,"name":45,"tactic":80},{"name":47},{"id":49,"name":50,"tactic":82},{"name":47},{"id":53,"name":54,"tactic":84},{"name":56},{"id":58,"name":59,"tactic":86},{"name":61},{"id":63,"name":64,"tactic":88},{"name":66},{"id":90,"name":91,"techniques":92},"CAPEC-77","Manipulating User-Controlled Variables",[],[94],{"_key":95,"name":96,"source":97,"url":98,"maturity":99,"reliability_score":100,"verified":101,"type":9,"platforms":102,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_FBA8F644BB944D9C","Exploit Reference (snyk.io)","reference","https://snyk.io/vuln/SNYK-JS-INI-1048974","unknown",0.2,false,[],[104],"GHSA-qqgx-2p2h-9c37",[],[107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137],{"_key":108},"DLA-2503-1",{"_key":110},"RHSA-2021:0485",{"_key":112},"RHSA-2021:0549",{"_key":114},"MGASA-2021-0068",{"_key":116},"DEBIAN-CVE-2020-7788",{"_key":118},"RHSA-2021:3280",{"_key":120},"RHSA-2021:3281",{"_key":122},"RHSA-2022:6595",{"_key":124},"UBUNTU-CVE-2020-7788",{"_key":126},"RHSA-2021:0421",{"_key":128},"RHSA-2021:0521",{"_key":130},"RHSA-2021:0548",{"_key":132},"RHSA-2021:0551",{"_key":134},"RHSA-2021:5171",{"_key":136},"RHSA-2022:0246",{"_key":138},"RHSA-2022:0350",[],[141,142,144,146,148,150,152,154,156,158],{"_key":114},{"_key":143},"CGA-45PC-XPQW-3MH7",{"_key":145},"CGA-4V49-2P5W-R42H",{"_key":147},"CGA-5FMW-XJCX-Q7WC",{"_key":149},"CGA-7VQ2-G8CW-32WX",{"_key":151},"CGA-92MC-35X8-GHQF",{"_key":153},"CGA-GF5W-3RV9-3R7H",{"_key":155},"CGA-QV4F-VF9X-4R73",{"_key":157},"CGA-WW7F-WFF7-W4PM",{"_key":159},"CGA-FF9R-2FX8-RR4Q","2020-12-11T10:45:14.077Z","2024-09-16T23:41:44.616Z","Modified",{"cisa_kev":101,"cisa_ransomware":101,"cisa_vendor":9,"epss_severity":164,"epss_score":165,"severity":166,"severity_score":167,"severity_version":168,"severity_source":169,"severity_vector":170,"severity_status":162},"low",0.00291,"critical",9.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[172,181,186,192,197,202],{"url":98,"sources":173,"tags":176},[174,169,175],"cve.org","osv_npm",[177,178,179,180],"X Refsource MISC","Exploit","Third Party Advisory","WEB",{"url":182,"sources":183,"tags":184},"https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1",[174,169,175],[177,185,179,180],"Patch",{"url":187,"sources":188,"tags":189},"https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html",[174,169,175],[190,191,179,180],"Mailing List","X Refsource MLIST",{"url":193,"sources":194,"tags":195},"https://nvd.nist.gov/vuln/detail/CVE-2020-7788",[175],[196],"Advisory",{"url":198,"sources":199,"tags":200},"https://github.com/npm/ini",[175],[201],"PACKAGE",{"url":203,"sources":204,"tags":205},"https://www.npmjs.com/advisories/1589",[175],[180],[],{"date":208,"score":165,"percentile":209},"2026-06-04",0.52739,[211,214,217,220,223,226,229,232,235,238,241,243,246,249,252,256,259,262,265,268,271,274,277,279,282,285,288,291,295,298,301,304,307,309,312,315,318,321,323,326,329,332,335,337,340,344,347,350,353,356,359,362,365,368,371,374,377,379,382,385,388,391,394,397,399,402,405,408,411,414,417,420,423,426,428,430,432,435,437,440,443,445,447,450,453,456,458,460,462,465],{"date":212,"score":165,"percentile":213},"2025-11-04",0.5213,{"date":215,"score":165,"percentile":216},"2025-11-05",0.52105,{"date":218,"score":165,"percentile":219},"2025-11-06",0.52121,{"date":221,"score":165,"percentile":222},"2025-11-07",0.52143,{"date":224,"score":165,"percentile":225},"2025-11-08",0.52146,{"date":227,"score":165,"percentile":228},"2025-11-09",0.52139,{"date":230,"score":165,"percentile":231},"2025-11-10",0.5211,{"date":233,"score":165,"percentile":234},"2025-11-11",0.52124,{"date":236,"score":165,"percentile":237},"2025-11-12",0.5215,{"date":239,"score":165,"percentile":240},"2025-11-13",0.52155,{"date":242,"score":165,"percentile":240},"2025-11-14",{"date":244,"score":165,"percentile":245},"2025-11-15",0.52149,{"date":247,"score":165,"percentile":248},"2025-11-16",0.52128,{"date":250,"score":165,"percentile":251},"2025-11-17",0.52111,{"date":253,"score":254,"percentile":255},"2025-11-18",0.00848,0.72831,{"date":257,"score":254,"percentile":258},"2025-11-19",0.72839,{"date":260,"score":254,"percentile":261},"2025-11-20",0.72848,{"date":263,"score":165,"percentile":264},"2025-11-21",0.52122,{"date":266,"score":165,"percentile":267},"2025-11-22",0.5212,{"date":269,"score":165,"percentile":270},"2025-11-23",0.52082,{"date":272,"score":165,"percentile":273},"2025-11-24",0.52074,{"date":275,"score":165,"percentile":276},"2025-11-25",0.52079,{"date":278,"score":165,"percentile":270},"2025-11-26",{"date":280,"score":165,"percentile":281},"2025-11-27",0.52089,{"date":283,"score":165,"percentile":284},"2025-11-28",0.52054,{"date":286,"score":165,"percentile":287},"2025-11-29",0.52029,{"date":289,"score":165,"percentile":290},"2025-11-30",0.5202,{"date":292,"score":293,"percentile":294},"2025-12-01",0.00153,0.36655,{"date":296,"score":293,"percentile":297},"2025-12-02",0.36663,{"date":299,"score":293,"percentile":300},"2025-12-03",0.36662,{"date":302,"score":165,"percentile":303},"2025-12-04",0.52035,{"date":305,"score":165,"percentile":306},"2025-12-05",0.52057,{"date":308,"score":165,"percentile":306},"2025-12-06",{"date":310,"score":165,"percentile":311},"2025-12-07",0.52047,{"date":313,"score":165,"percentile":314},"2025-12-08",0.5205,{"date":316,"score":165,"percentile":317},"2025-12-09",0.5207,{"date":319,"score":165,"percentile":320},"2025-12-10",0.52133,{"date":322,"score":165,"percentile":245},"2025-12-11",{"date":324,"score":165,"percentile":325},"2025-12-12",0.52177,{"date":327,"score":165,"percentile":328},"2025-12-13",0.52168,{"date":330,"score":165,"percentile":331},"2025-12-14",0.52154,{"date":333,"score":165,"percentile":334},"2025-12-15",0.52136,{"date":336,"score":165,"percentile":245},"2025-12-16",{"date":338,"score":165,"percentile":339},"2025-12-17",0.52169,{"date":341,"score":342,"percentile":343},"2025-12-18",0.00299,0.52902,{"date":345,"score":342,"percentile":346},"2025-12-19",0.52906,{"date":348,"score":342,"percentile":349},"2025-12-20",0.52892,{"date":351,"score":342,"percentile":352},"2025-12-21",0.52871,{"date":354,"score":342,"percentile":355},"2025-12-22",0.52849,{"date":357,"score":342,"percentile":358},"2025-12-23",0.52851,{"date":360,"score":342,"percentile":361},"2025-12-24",0.52862,{"date":363,"score":342,"percentile":364},"2025-12-25",0.52908,{"date":366,"score":165,"percentile":367},"2025-12-26",0.52207,{"date":369,"score":165,"percentile":370},"2025-12-27",0.52246,{"date":372,"score":165,"percentile":373},"2025-12-28",0.52183,{"date":375,"score":165,"percentile":376},"2025-12-29",0.52161,{"date":378,"score":165,"percentile":240},"2025-12-30",{"date":380,"score":165,"percentile":381},"2025-12-31",0.52172,{"date":383,"score":293,"percentile":384},"2026-01-01",0.36798,{"date":386,"score":293,"percentile":387},"2026-01-02",0.36773,{"date":389,"score":293,"percentile":390},"2026-01-03",0.36761,{"date":392,"score":165,"percentile":393},"2026-01-04",0.52142,{"date":395,"score":165,"percentile":396},"2026-01-05",0.52129,{"date":398,"score":165,"percentile":334},"2026-01-06",{"date":400,"score":165,"percentile":401},"2026-01-07",0.52159,{"date":403,"score":165,"percentile":404},"2026-01-08",0.52179,{"date":406,"score":165,"percentile":407},"2026-01-09",0.52166,{"date":409,"score":165,"percentile":410},"2026-01-10",0.52163,{"date":412,"score":165,"percentile":413},"2026-01-11",0.52145,{"date":415,"score":165,"percentile":416},"2026-01-12",0.52103,{"date":418,"score":165,"percentile":419},"2026-01-13",0.52078,{"date":421,"score":165,"percentile":422},"2026-01-14",0.52126,{"date":424,"score":165,"percentile":425},"2026-01-15",0.52127,{"date":427,"score":165,"percentile":413},"2026-01-16",{"date":429,"score":165,"percentile":422},"2026-01-17",{"date":431,"score":165,"percentile":251},"2026-01-18",{"date":433,"score":165,"percentile":434},"2026-01-19",0.52091,{"date":436,"score":165,"percentile":434},"2026-01-20",{"date":438,"score":165,"percentile":439},"2026-01-21",0.52098,{"date":441,"score":165,"percentile":442},"2026-01-22",0.52104,{"date":444,"score":165,"percentile":245},"2026-01-23",{"date":446,"score":165,"percentile":331},"2026-01-24",{"date":448,"score":165,"percentile":449},"2026-01-25",0.52107,{"date":451,"score":165,"percentile":452},"2026-01-26",0.52087,{"date":454,"score":165,"percentile":455},"2026-01-27",0.52093,{"date":457,"score":165,"percentile":216},"2026-01-28",{"date":459,"score":165,"percentile":416},"2026-01-29",{"date":461,"score":165,"percentile":416},"2026-01-30",{"date":463,"score":165,"percentile":464},"2026-01-31",0.52109,{"date":466,"score":293,"percentile":467},"2026-02-01",0.36423,[469,476,483],{"source":174,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":470,"cvss_v4_0":9},{"baseScore":471,"baseSeverity":472,"vectorString":473,"impactScore":474,"exploitabilityScore":475},7.3,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P",5.7,10,{"source":169,"cvss_v2_0":477,"cvss_v3_0":9,"cvss_v3_1":481,"cvss_v4_0":9},{"baseScore":478,"baseSeverity":9,"vectorString":479,"impactScore":480,"exploitabilityScore":475},7.5,"AV:N/AC:L/Au:N/C:P/I:P/A:P",6.4,{"baseScore":167,"baseSeverity":482,"vectorString":170,"impactScore":167,"exploitabilityScore":475},"CRITICAL",{"source":175,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":484,"cvss_v4_0":9},{"baseScore":471,"baseSeverity":9,"vectorString":485,"impactScore":474,"exploitabilityScore":475},"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",[487,496,506],{"ecosystem":9,"name":488,"vendor":489,"product":490,"cpe_part":491,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":492},"debian linux","debian","debian_linux","o",[493],{"version":494,"is_range":101,"range_type":495,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"ecosystem":9,"name":497,"vendor":498,"product":497,"cpe_part":499,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":500},"ini","ini_project","a",[501],{"version":502,"is_range":503,"range_type":495,"version_start":9,"version_start_type":9,"version_end":504,"version_end_type":505,"fixed_in":9},"lt1.3.6",true,"1.3.6","excluding",{"ecosystem":507,"name":497,"vendor":507,"product":497,"cpe_part":9,"purl_type":508,"purl_namespace":9,"purl_name":497,"source":9,"versions":509},"Npm","npm",[510],{"version":511,"is_range":503,"range_type":512,"version_start":9,"version_start_type":9,"version_end":504,"version_end_type":505,"fixed_in":9},"lt1_3_6","semver"]