protobuf.js

v6.11.4 still listed as vulnerable to CVE-2023-36665

Open pwmcintyre opened this issue 1 year ago • 1 comment

protobuf.js version: 6.11.4

This version is still being listed as vulnerable to CVE-2023-36665.

I understand we should patch to 7.x but we are not able to.

Is it possible to have the NIST dataset fixed (see related comments)?

related:

  • https://github.com/protobufjs/protobuf.js/issues/1918#issuecomment-1693754640
  • https://github.com/protobufjs/protobuf.js/issues/1928#issuecomment-1690633778

pwmcintyre, Jul 11 '24 03:07

It looks as though the GitHub advisory is fixed, but not elsewhere:

  • ✅ https://github.com/advisories/GHSA-h755-8qp9-cq85
  • ⚠️ https://nvd.nist.gov/vuln/detail/CVE-2023-36665

pwmcintyre, Jul 11 '24 03:07