CVE Catalog

CVE-2025-63703

Critical
Published: Translated: NVD NIST

Summary

The npm package parse-ini version 1.0.6 is vulnerable to Prototype Pollution in the index.js() function.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized modifications of prototype objects, jeopardizing application integrity.

Recommendation

It is recommended to update the parse-ini package to the latest version to mitigate this vulnerability.

Original NVD description (English source)

npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().

Vulnerability data from NVD (NIST) · CISA KEV · EPSS