All vulnerabilities

CVE-2022-25878

Prototype Pollution in protobufjs

Description

The package protobufjs is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. Versions after and including 6.10.0 until 6.10.3 and after and including 6.11.0 until 6.11.3 are vulnerable.

This vulnerability can occur in multiple ways:

  1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions
  2. by parsing/loading .proto files

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Fix without upgrading
Score
Severity
Ecosystem
JavaScript
Publish Date
May 27, 2022
Modified Date
January 14, 2025
Score Vector
Affected Versions