CVE-2022-25878: fix: do not let setProperty change the prototype by alexander-fenster · Pull Request #1731 · protobufjs/protobuf.js
The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add or modify properties of Object.prototype.
This vulnerability can occur in multiple ways:
- by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions
- by parsing/loading .proto files
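
The first case above, untrusted input reaching a dotted-path setter, is sketched below as an added example; this is not protobuf.js code or the project's patch. `setPathNaive`, `setPathGuarded`, `checkSetters` and the blocked-key list are hypothetical names and assumptions chosen to show a setter that follows inherited path segments beside one that refuses them.

```javascript
// Added example; setPathNaive / setPathGuarded are hypothetical names, not protobuf.js APIs.
const BLOCKED = new Set(["__proto__", "prototype", "constructor"]);

// Naive dotted-path setter: descends through whatever segments the caller supplies,
// including inherited ones such as __proto__.
function setPathNaive(dst, path, value) {
  const parts = path.split(".");
  let cur = dst;
  for (const key of parts.slice(0, -1)) {
    if (cur[key] === null || typeof cur[key] !== "object") cur[key] = {};
    cur = cur[key];
  }
  cur[parts[parts.length - 1]] = value;
  return dst;
}

// Guarded setter: rejects prototype-reaching segments and only descends into own properties.
function setPathGuarded(dst, path, value) {
  const parts = path.split(".");
  if (parts.some((p) => BLOCKED.has(p))) {
    throw new Error("path segment reaches a prototype: " + path);
  }
  let cur = dst;
  for (const key of parts.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || cur[key] === null || typeof cur[key] !== "object") cur[key] = {};
    cur = cur[key];
  }
  cur[parts[parts.length - 1]] = value;
  return dst;
}

// Regression check on a constructed input; restores Object.prototype before returning.
function checkSetters() {
  const marker = "exampleMarker"; // constructed property name
  const path = "__proto__." + marker;
  const out = {};
  setPathNaive({}, path, true);
  out.naivePolluted = ({})[marker] === true; // unrelated object inherits the marker
  delete Object.prototype[marker];
  try { setPathGuarded({}, path, true); out.guardedRejected = false; }
  catch (e) { out.guardedRejected = true; }
  out.guardedPolluted = ({})[marker] === true;
  out.nested = setPathGuarded({}, "a.b.c", 1).a.b.c;
  return out;
}

console.log(checkSetters());
```

A check of this shape can be kept as a regression test around any code that builds object paths from option names or other parsed input.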