v6.11.4 still listed as vulnerable to CVE-2023-36665 #2008

Open
pwmcintyre opened this issue Jul 11, 2024 · 1 comment

@pwmcintyre

protobuf.js version: 6.11.4

This version is still being listed as vulnerable to CVE-2023-36665.

I understand we should patch to 7.x, but we are not able to.

Is it possible to have the NIST dataset fixed (see related comments)?

related:

@pwmcintyre
Author

It looks as though the GitHub advisory is fixed, but not elsewhere:
GHSA-h755-8qp9-cq85
⚠️ https://nvd.nist.gov/vuln/detail/CVE-2023-36665
