protobufjs Prototype Pollution vulnerability #7122
Assignees
Labels
Comments
|
Hey @sandeep-reddy-u, thanks for reporting this. Let me discuss this with our engineering team to see what we can do to address the vulnerability issue. |
|
Hi @aalej and Team, Thanks for picking this issue and I see you already made progress which is Great News! I would like to know when can we expect a release with this fix. If we don't have exact release date already, tentative timeline will also help. |
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Project https://github.com/firebase/firebase-tools has dependency on @google-cloud/pubsub package, which has a critical security vulnerability.
Severity: critical
Title: protobufjs Prototype Pollution vulnerability
Package: protobufjs
Patched in protobufjs version: >=7.2.5
Path: firebase-tools > @google-cloud/pubsub > google-gax > protobufjs
More info: https://www.npmjs.com/advisories/1096964
This issue has been fixed in the latest versions of @google-cloud/pubsub package. But firebase-tools project is still using @google-cloud/pubsub version 3.x.x even in its latest release.
The text was updated successfully, but these errors were encountered: