CVE-2023-36665 vunerablity in protobufjs >= 6.10.0, < 7.2.4 #256

letsgolesco · 2023-07-11T18:46:38Z

pprof depends on a vulnerable library protobufjs ~7.0.0
A fix is available in protobufjs 7.2.4
Vulnerability link: GHSA-h755-8qp9-cq85

Can we upgrade this dependency to 7.2.4?

aabmass · 2023-07-18T18:32:58Z

Thanks for flagging, I'll take this

letsgolesco mentioned this issue Jul 11, 2023

CVE-2023-36665 vunerablity in protobufjs >= 6.10.0, < 7.2.4 googleapis/cloud-profiler-nodejs#879

Closed

aabmass self-assigned this Jul 18, 2023

aabmass linked a pull request Jul 20, 2023 that will close this issue

fix(deps): update dependency protobufjs to ~7.2.0 [security] #254

Merged

1 task

aabmass closed this as completed in #254 Jul 20, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2023-36665 vunerablity in protobufjs >= 6.10.0, < 7.2.4 #256

CVE-2023-36665 vunerablity in protobufjs >= 6.10.0, < 7.2.4 #256

letsgolesco commented Jul 11, 2023

aabmass commented Jul 18, 2023

CVE-2023-36665 vunerablity in protobufjs >= 6.10.0, < 7.2.4 #256

CVE-2023-36665 vunerablity in protobufjs >= 6.10.0, < 7.2.4 #256

Comments

letsgolesco commented Jul 11, 2023

aabmass commented Jul 18, 2023