CVE-2023-36665 #1106

vbonini · 2023-08-18T00:48:42Z

The [email protected] package version is required in several places. (E.g. 1 - 2 - 3). This version has a critical vulnerability, with a fixed version available.

Node.js (node-pkg)
==================
Total: 1 (CRITICAL: 1)
┌───────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬────────────────────────────────────────────────────────────┐
│          Library          │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                           Title                            │
├───────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼────────────────────────────────────────────────────────────┤
│ protobufjs (package.json) │ CVE-2023-36665 │ CRITICAL │ fixed  │ 6.11.3            │ 6.11.4, 7.2.4 │ prototype pollution using user-controlled protobuf message │
│                           │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-36665                 │
└───────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴────────────────────────────────────────────────────────────┘

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2023-36665 #1106

CVE-2023-36665 #1106

vbonini commented Aug 18, 2023

CVE-2023-36665 #1106

CVE-2023-36665 #1106

Comments

vbonini commented Aug 18, 2023