GCVE - cpe:2.3:a:n/a:@aws-sdk/shared-ini-file-loader:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:@aws-sdk/shared-ini-file-loader:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	@Aws Sdk/Shared Ini File Loader (`828b393a-553a-58cc-b874-c8c4cafa96e6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-28472`	vulnerable	2026-06-08 05:23:56.126223	Prototype Pollution HIGH (7.3) This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context. Published: 2021-01-19T10:25:15.313Z Updated: 2024-09-16T23:06:31.989Z Open on db.gcve.eu Reference links https://snyk.io/vuln/SNYK-JS-AWSSDKSHAREDINIFILELOADER-1049304 https://snyk.io/vuln/SNYK-JS-AWSSDK-1059424 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059425 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1059426 https://github.com/aws/aws-sdk-js-v3/commit/a209082dff913939672bb069964b33aa4c5409a9	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.