Seal Security raises $13M series A to secure open source code at scale. Read full press release.
.avif)
The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable.This vulnerability can occur in multiple ways:1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions2. by parsing/loading .proto files
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgrading