Description
The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable.
This vulnerability can occur in multiple ways:
- by providing untrusted user input to util.
Recommendation
Update the protobufjs package to the latest compatible version. Followings are version details:
Affected version(s): **>= 6.10.0, < 6.10.3 >= 6.11.0, < 6.11.3** Patched version(s): **6.10.3 6.11.3**
References
Related Issues
- Prototype Pollution in JSON5 via Parse Method - CVE-2022-46175
- Prototype pollution in Plist before 3.0.5 can cause denial of service - CVE-2022-22912
- Grunt-karma vulnerable to prototype pollution - CVE-2022-37602
- thlorenz browserify-shim vulnerable to prototype pollution - browserify-shim - GHSA-cfgr-75jx-h88g - CVE-2022-37623
You might also like:
- Tags:
- npm
- protobufjs
Anything's wrong? Let us know Last updated on November 29, 2023