Summary
Prototype pollution vulnerability introduced through firebase@9.18.0; severity: High.
Remediation: use a protobufjs release newer than protobufjs@7.2.2 (7.x line) and protobufjs@6.11.3 (6.x line).
Details
PoC
Run: npm ls protobufjs. Upgrading the protobufjs version through package-lock.json will eliminate the problem, I guess.
Impact
Affected versions of this package are vulnerable to Prototype Pollution. A user-controlled protobuf message can be used by an attacker to pollute Object.prototype by adding or overwriting its properties and functions, so any application that decodes untrusted messages with an affected protobufjs copy is impacted.
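Added example (not part of this report or of the firebase/protobufjs projects): a small checker that walks the JSON form of the npm ls protobufjs output named in the PoC and flags every protobufjs copy that is not newer than the versions stated above. The dependency tree, package names and versions in SAMPLE_TREE are constructed for illustration, and treating anything older than 6.x as affected is an assumption.

```javascript
// Added example: flag protobufjs copies not newer than the versions the
// report names (7.2.2 on the 7.x line, 6.11.3 on the 6.x line).
// Feed it the parsed output of `npm ls protobufjs --json`.

const LAST_AFFECTED = { 6: [6, 11, 3], 7: [7, 2, 2] }; // from the report

function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Affected if on a known line and not newer than the last affected release.
// Assumption: anything older than 6.x is treated as affected too.
function isAffected(version) {
  const v = parseSemver(version);
  const last = LAST_AFFECTED[v[0]];
  if (last) return cmp(v, last) <= 0;
  return v[0] < 6;
}

// Recursively collect every affected protobufjs node with its dependency path.
function findAffected(tree, path = [], out = []) {
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${node.version}`];
    if (name === 'protobufjs' && isAffected(node.version)) out.push(here.join(' > '));
    findAffected(node, here, out);
  }
  return out;
}

// Constructed sample shaped like `npm ls protobufjs --json` output
// (names, versions and nesting are illustrative, not real lockfile data).
const SAMPLE_TREE = {
  name: 'example-app', version: '1.0.0',
  dependencies: {
    firebase: { version: '9.18.0', dependencies: {
      'example-firebase-subpackage': { version: '1.2.3', dependencies: {
        protobufjs: { version: '7.2.2' } } } } },
    'some-other-lib': { version: '2.0.0', dependencies: {
      protobufjs: { version: '7.2.4' } } },
  },
};

console.log(findAffected(SAMPLE_TREE).join('\n') || 'no affected protobufjs copies');
```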