CVE-2020-7768
on github
Published
Severity
CVSS v3:
9.8 CRITICAL
CVSS v2:
5 MEDIUM
Description
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition.
References
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:grpc:grpc:*:*:*:*:*:node.js:*:* | n/a | 1.1.8 | * |
| cpe:2.3:a:grpc:grpc:*:*:*:*:*:-:*:* | n/a | 1.24.2 | * |