9 matches found
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the protobufjs package (CVE-2022-25878)
Summary Protobufjs is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2022-25878 DESCRIPTION: The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the...
Linux Distros Unpatched Vulnerability : CVE-2022-25878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This...
protobufjs Prototype Pollution vulnerability
protobuf.js aka protobufjs 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and...
Design/Logic Flaw
"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to arbitrary code execution due to CVE-2022-25878
Summary Node.js module protobufjs is used internally by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...
@0cfg/rpc-common (>=0.0.1 <=0.1.3), @0cfg/rpc-node (>=0.0.1 <=0.1.3) +311 more potentially affected by CVE-2022-25878 via protobufjs (>=6.11.1 <=6.11.2)
protobufjs NPM version =6.11.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.2, =0.1.0, =4.0.0, =1.0.0, =0.4.21, =1.0.3, =0.1.0, =0.1.0, =0.4.115, =0.5.167 - @atomist/npm-release-skill =0.1.1-110 and more Source cves: CVE-2022-25878 Source advisory: OSV:GHSA-G954-5HWP-PP24...
CVE-2022-25878
CVE-2022-25878 affects protobufjs with Prototype Pollution (Object.prototype) via untrusted input to util.setProperty, ReflectionObject.setParsedOption, or .proto parsing. Connected docs show a related entry (CVE-2023-36665) describing protobufjs 6.10.0–7.x before 7.2.5 as vulnerable to prototype...
CVE-2022-25878 Prototype Pollution
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption...
@0cfg/rpc-common (>=0.0.1 <=0.1.3), @0cfg/rpc-node (>=0.0.1 <=0.1.3) +311 more potentially affected by CVE-2022-25878 via protobufjs (>=6.11.1 <=6.11.2)
protobufjs NPM version =6.11.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.2, =0.1.0, =4.0.0, =1.0.0, =0.4.21, =1.0.3, =0.1.0, =0.1.0, =0.4.115, =0.5.167 - @atomist/npm-release-skill =0.1.1-110 and more Source cves: CVE-2022-25878 Source advisory: SNYK:JS-PROTOBUFJS-2441248...