CVE-2020-7768: Improperly Controlled Modification of Dynamically-Determined Object Attributes
The packages grpc and @grpc/grpc-js are vulnerable to Prototype Pollution via loadPackageDefinition.
References
- github.com/advisories/GHSA-pp75-xfpw-37g9
- github.com/grpc/grpc-node/pull/1605
- github.com/grpc/grpc-node/pull/1606
- github.com/grpc/grpc-node/releases/tag/grpc%401.24.4
- nvd.nist.gov/vuln/detail/CVE-2020-7768
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038819
- snyk.io/vuln/SNYK-JS-GRPC-598671
- snyk.io/vuln/SNYK-JS-GRPCGRPCJS-1038818
- www.npmjs.com/package/@grpc/grpc-js
- www.npmjs.com/package/grpc
Detect and mitigate CVE-2020-7768 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.