high Prototype Pollution in protobufjs

Module: [protobufjs](https://github.com/protobufjs/protobuf.js)
Installed version: 6.11.2
Published: 28/05/2022, 02:00:20
CWE-1321
https://github.com/advisories/GHSA-g954-5hwp-pp24
Vulnerable: <6.11.3
Patched: >=6.11.3
Overview
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype.

This vulnerability can occur in multiple ways:

by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions
by parsing/loading .proto files
Remediation
Upgrade to version 6.11.3 or later

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

high Prototype Pollution in protobufjs #32

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

high Prototype Pollution in protobufjs #32

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions