CVE-2022-25878

Summary

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files

Affected Software

VendorProductVersion RangeStatus
n/aprotobufjsunspecified < 6.11.3affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References