Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security vulnerability in @google-cloud/[email protected] #1122

Closed
hernancondoriipsy opened this issue Nov 22, 2023 · 3 comments
Closed

security vulnerability in @google-cloud/[email protected] #1122

hernancondoriipsy opened this issue Nov 22, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@hernancondoriipsy
Copy link

Bug description

Currently [email protected] is a dependency of @google-cloud/[email protected]

https://security.snyk.io/vuln/SNYK-JS-PROTOBUFJS-5756498

Is there any plan to update to @google-cloud/logging@11?

Describe what you expected

No response

Steps to reproduce the issue

No response

Additional context

No response

Command

None
@hernancondoriipsy hernancondoriipsy added the bug Something isn't working label Nov 22, 2023
@duncanista duncanista mentioned this issue Nov 22, 2023
Merged
1 task
@Drarig29
Copy link
Contributor

Released in v2.24.1

@Drarig29
Copy link
Contributor

Drarig29 commented Nov 27, 2023
edited
Loading

@hernancondoriipsy FYI, the [email protected] is not affected by this vulnerability: >=6.10.0 <6.11.4 >=7.2.0 <7.2.4

So @google-cloud/[email protected] was actually not vulnerable.

@hernancondoriipsy
Copy link
Author

@hernancondoriipsy FYI, the [email protected] is not affected by this vulnerability: >=6.10.0 <6.11.4 >=7.2.0 <7.2.4

So @google-cloud/[email protected] was actually not vulnerable.

Is weird, because in the link to CVE we see this "protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Drarig29 @hernancondoriipsy