HIGH 7.5 npm
Prototype pollution in grpc and @grpc/grpc-js
GHSA-pp75-xfpw-37g9 · CVE-2020-7768
Published · Modified
Description
"The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition."
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-7768
- WEB https://github.com/grpc/grpc-node/pull/1605
- WEB https://github.com/grpc/grpc-node/pull/1606
- WEB https://github.com/grpc/grpc-node/releases/tag/grpc%401.24.4
- WEB https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038819
- WEB https://snyk.io/vuln/SNYK-JS-GRPC-598671
- WEB https://snyk.io/vuln/SNYK-JS-GRPCGRPCJS-1038818
- WEB https://www.npmjs.com/package/@grpc/grpc-js
- WEB https://www.npmjs.com/package/grpc
Ready to move
Start Securing
Free, no credit card | First findings in minutes