A dependency in use has a vulnerability #684

@iyutong

Dependency npm:protobufjs:5.0.3 is vulnerable

Update to the unaffected version 7.2.5

CVE-2022-25878, score: 8.2

The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways:

1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions
2. by parsing/loading .proto files

Read more: https://www.mend.io/vulnerability-database/CVE-2022-25878?utm_source=JetBrains

Results powered by Mend.io
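The class of bug the advisory describes, shown as an added example that is not part of the original issue and is not protobufjs source code: a naive dotted-path setter beside a hardened one that rejects prototype-related path segments. The names `naiveSetProperty`, `safeSetProperty` and `demo` are hypothetical, and the input path is constructed for illustration.

```javascript
// Added illustration, not protobufjs source; all function names are hypothetical.
const BLOCKED = new Set(["__proto__", "constructor", "prototype"]);
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
const isObj = (v) => typeof v === "object" && v !== null;

// Naive dotted-path setter: follows inherited properties while walking the path.
function naiveSetProperty(dst, path, value) {
  const parts = path.split(".");
  let cur = dst;
  for (const key of parts.slice(0, -1)) {
    if (!isObj(cur[key])) cur[key] = {};
    cur = cur[key]; // "__proto__" resolves to Object.prototype here
  }
  cur[parts[parts.length - 1]] = value;
  return dst;
}

// Hardened setter: rejects prototype-related segments and only walks own properties.
function safeSetProperty(dst, path, value) {
  if (typeof path !== "string" || path === "") throw new TypeError("path must be a non-empty string");
  const parts = path.split(".");
  for (const p of parts) {
    if (BLOCKED.has(p)) throw new Error("illegal path segment: " + p);
  }
  const define = (o, k, v) =>
    Object.defineProperty(o, k, { value: v, writable: true, enumerable: true, configurable: true });
  let cur = dst;
  for (const key of parts.slice(0, -1)) {
    if (!own(cur, key) || !isObj(cur[key])) define(cur, key, {});
    cur = cur[key];
  }
  define(cur, parts[parts.length - 1], value);
  return dst;
}

// Runs both setters on a constructed untrusted path and reports the effect.
function demo() {
  const untrustedPath = "__proto__.polluted"; // constructed sample input
  naiveSetProperty({}, untrustedPath, true);
  const naivePolluted = {}.polluted === true; // every object now inherits it
  delete Object.prototype.polluted; // restore a clean state
  let safeRejected = false;
  try { safeSetProperty({}, untrustedPath, true); } catch (e) { safeRejected = true; }
  const cleanAfterSafe = !("polluted" in {});
  const normal = safeSetProperty({}, "options.deprecated", true);
  return { naivePolluted, safeRejected, cleanAfterSafe, normal };
}
console.log(demo());
```

A guard like this only covers code you control; for the dependency itself the remedy remains the upgrade requested in this issue.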
