Skip to content
This repository was archived by the owner on Jun 6, 2025. It is now read-only.
This repository was archived by the owner on Jun 6, 2025. It is now read-only.

protobufjs Prototype Pollution vulnerability #502

Closed
#504
Closed
protobufjs Prototype Pollution vulnerability#502
#504
Labels
javascript-sdkkalix-runtimeRuntime and SDKs sub-team
@pvlugter

Description

@pvlugter
pvlugter
opened on Jul 20, 2023
# npm audit report

protobufjs  6.10.0 - 7.2.3
Severity: high
protobufjs Prototype Pollution vulnerability - https://github.com/advisories/GHSA-h755-8qp9-cq85
fix available via `npm audit fix --force`
Will install protobufjs@7.2.4, which is a breaking change
node_modules/protobufjs
  @grpc/proto-loader  0.6.0-pre1 - 0.6.13
  Depends on vulnerable versions of protobufjs
  node_modules/@grpc/proto-loader
    @grpc/grpc-js  1.4.0 - 1.6.7
    Depends on vulnerable versions of @grpc/proto-loader
    node_modules/@grpc/grpc-js

3 high severity vulnerabilities

To address all issues (including breaking changes), run:
  npm audit fix --force

Metadata

Metadata

Assignees

No one assigned

    Labels

    javascript-sdkkalix-runtimeRuntime and SDKs sub-team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions