EPSS
Percentile
85.4%
ini is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as __proto__, constructor and prototype.
__proto__
constructor
prototype
github.com/advisories/GHSA-qqgx-2p2h-9c37
github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
lists.debian.org/debian-lts-announce/2020/12/msg00032.html