CVE-2020-7768

Summary

The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.

Affected Software

VendorProductVersion RangeStatus
n/agrpcunspecified < 1.24.4affected
n/a@grpc/grpc-jsunspecified < 1.1.8affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References