Veracode Vulnerability DatabaseVERACODE:41131Prototype Pollution
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
47.5%
protobufjs is vulnerable to Prototype Pollution. The vulnerability exists in the setProperty function of util.js, which allows an attacker to inject and modify malicious properties such as __proto__, resulting in prototype pollution.
| CPE | Name | Operator | Version |
|---|---|---|---|
| protobufjs | le | 7.2.3 | |
| protobufjs | le | 6.11.3 | |
| protobufjs | le | 7.2.3 | |
| protobufjs | le | 7.2.3 | |
| protobufjs | le | 6.11.3 | |
| protobufjs | le | 7.2.3 |
References
github.com/protobufjs/protobuf.js/commit/e66379f451b0393c27d87b37fa7d271619e16b0d
github.com/protobufjs/protobuf.js/compare/protobufjs-v7.2.3...protobufjs-v7.2.4
github.com/protobufjs/protobuf.js/pull/1899
github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.2.4
www.code-intelligence.com/blog/cve-protobufjs-prototype-pollution-cve-2023-36665
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
47.5%