Protobufjs Project: >> Protobufjs >> 0.12.4 Security Vulnerabilities
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files
CVSS Score
8.2
EPSS Score
0.004
Published
2022-05-27
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.
CVSS Score
5.5
EPSS Score
0.004
Published
2018-06-07