multi-ini (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package multi-ini, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2020-28448 — CVSS 5.6 (medium): This affects the package multi-ini before 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of…
CVE-2020-28460 — CVSS 5.6 (medium): This affects the package multi-ini before 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object…