Security Advisory

CVE-2022-25878

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-05-27 20:00:15

Last updated 2024-09-17 02:36:03

Assigner snyk

State PUBLISHED

Description

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files

← Browse all CVEs View on cve.org ↗