PT-2020-19780 · Grpc · Grpc+1

Nerdjs

·

Published

2020-11-11

·

Updated

2022-12-02

·

CVE-2020-7768

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions grpc versions prior to 1.24.4 @grpc/grpc-js versions prior to 1.1.8
Description The issue concerns Prototype Pollution via loadPackageDefinition. This affects the grpc and @grpc/grpc-js packages.
Recommendations For grpc versions prior to 1.24.4, update to version 1.24.4 or later. For @grpc/grpc-js versions prior to 1.1.8, update to version 1.1.8 or later.

Fix

Prototype Pollution

Weakness Enumeration

CWE-1321CWE-915

Related Identifiers

CVE-2020-7768
GHSA-PP75-XFPW-37G9
SNYK-JAVA-ORGWEBJARSNPM-1038819
SNYK-JS-GRPC-598671
SNYK-JS-GRPCGRPCJS-1038818

Affected Products

@Grpc/Grpc-Js
Grpc