protobuf.js icon indicating copy to clipboard operation
protobuf.js copied to clipboard

Published 20 hours ago verified publisher icon protobufjs

Backport prototype setProperty checks to 6.11.3

Open ramy-abbas opened this issue 2 years ago • 5 comments

Hey can you please backport the additional prototypesetProperty check added in #1899 to v.6.11.3 similar to how you backported the first check here

ramy-abbas avatar Jul 10 '23 08:07 ramy-abbas

Hey @bcoe 👋 You reviewed the original PR so could you review @jportner PR?

ramy-abbas avatar Jul 24 '23 05:07 ramy-abbas

This backport would be extremely helpful

mizevkon avatar Jul 24 '23 14:07 mizevkon

This help to avoid https://nvd.nist.gov/vuln/detail/CVE-2023-36665 without upgrade a major version

Tom910 avatar Jul 25 '23 09:07 Tom910

Hey @ramy-abbas @mizevkon , We're part of a startup called Seal Security that mitigates software vulnerabilities in older open source versions by backporting/creating standalone security patches - enabling more straightforward remediation in cases like this. We created an protobufjs 6.11.3-sp1 that's vulnerability-free. As with all of our patches, it's open-source and available for free.

If relevant, check out our GitHub repo if you wish to learn more, or start using our app.

Please feel free to reach us at [email protected] if you have any requests/questions.

levpachmanov avatar Aug 06 '23 07:08 levpachmanov

There is version 6.11.4 published to NPM, however there was no explicit changelog or other announcement. According to commits, changes are about the requested backport

mizevkon avatar Aug 21 '23 11:08 mizevkon