NextGuard
UNKNOWNCVE-2022-25878

Prototype Pollution in protobufjs

Platform

nodejs

Component

protobufjs

Fixed in

6.11.3

View on NVD

The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files

How to fix

Actualice la dependencia protobufjs a la versión 6.11.3 o superior. Esto corrige la vulnerabilidad de Prototype Pollution. Ejecute `npm install protobufjs@latest` o `yarn upgrade protobufjs` para actualizar.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2022-25878 — Vulnerability Details | NextGuard | NextGuard