Описание
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files
A flaw was found in protobufjs, where it is vulnerable to Prototype Pollution, allowing an attacker to add/modify properties of the Object.prototype. This vulnerability can occur by providing untrusted user input to the util.setProperty or to the ReflectionObject.setParsedOption functions, and also by parsing/loading .proto files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Not affected | ||
| Red Hat Enterprise Linux 8 | grafana | Will not fix | ||
| Red Hat Enterprise Linux 9 | grafana | Will not fix | ||
| Red Hat OpenShift Container Platform 4 | openshift4/ose-console | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
8.2 High
CVSS3
Связанные уязвимости
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files
EPSS
8.2 High
CVSS3