We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.
Reserved 2023-06-25 | Published 2023-07-05 | Updated 2024-08-02 | Assigner mitregithub.com/.../compare/protobufjs-v7.2.3...protobufjs-v7.2.4
github.com/...ommit/e66379f451b0393c27d87b37fa7d271619e16b0d
www.code-intelligence.com/...totype-pollution-cve-2023-36665
github.com/...fjs/protobuf.js/releases/tag/protobufjs-v7.2.4
github.com/protobufjs/protobuf.js/pull/1899
security.netapp.com/advisory/ntap-20240628-0006/
Support options