Description
The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable.
This vulnerability can occur in multiple ways:
- by providing untrusted user input to util.
Recommendation
Update the protobufjs package to the latest compatible version. Followings are version details:
Affected version(s): **>= 6.10.0, < 6.10.3 >= 6.11.0, < 6.11.3** Patched version(s): **6.10.3 6.11.3**
References
Related Issues
- Firebase vulnerable to CRSF attack - CVE-2024-4128
- protobufjs Prototype Pollution vulnerability - CVE-2023-36665
- Cube API denial of service attack - CVE-2023-50709
- Cross-Site Scripting in highcharts - Vulnerability
- Tags:
- npm
- protobufjs
Anything's wrong? Let us know Last updated on November 29, 2023