grpc is vulnerable to prototype pollution. The vulnerability exists through loadPackageDefinition, where the prototype of the class of the object can be set through arbitrary values of __proto__
.
Vendor | Product | Version | CPE |
---|---|---|---|
grpc | \@grpc\/grpc-js | * | cpe:2.3:a:grpc:\@grpc\/grpc-js:*:*:*:*:*:*:*:* |
grpc | grpc | * | cpe:2.3:a:grpc:grpc:*:*:*:*:*:*:*:* |