VYPR
High severityNVD Advisory· Published May 27, 2022· Updated Sep 17, 2024

Prototype Pollution

CVE-2022-25878

Description

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
protobufjsnpm
>= 6.11.0, < 6.11.36.11.3
protobufjsnpm
>= 6.10.0, < 6.10.36.10.3

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.