Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:27867
HistoryNov 12, 2020 - 1:03 a.m.

Prototype Pollution

2020-11-1201:03:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
prototype pollution
software security

EPSS

0.005

Percentile

77.6%

grpc is vulnerable to prototype pollution. The vulnerability exists through loadPackageDefinition, where the prototype of the class of the object can be set through arbitrary values of __proto__.

Affected configurations

Vulners
Node
grpc\@grpc\/grpc-jsRange1.1.7
OR
grpcgrpcRange1.24.3
VendorProductVersionCPE
grpc\@grpc\/grpc-js*cpe:2.3:a:grpc:\@grpc\/grpc-js:*:*:*:*:*:*:*:*
grpcgrpc*cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:*