Description
The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable.
This vulnerability can occur in multiple ways:
- by providing untrusted user input to util.
Recommendation
Update the protobufjs package to the latest compatible version. Followings are version details:
Affected version(s): **>= 6.10.0, < 6.10.3 >= 6.11.0, < 6.11.3** Patched version(s): **6.10.3 6.11.3**
References
Related Issues
- qs vulnerable to Prototype Pollution - CVE-2022-24999
- protobufjs Prototype Pollution vulnerability - CVE-2023-36665
- steal vulnerable to Prototype Pollution via optionName variable - CVE-2022-37264
- matrix-js-sdk Prototype Pollution vulnerability - CVE-2022-36059
You might also like:
- Tags:
- npm
- protobufjs
Anything's wrong? Let us know Last updated on November 29, 2023


