使用的依靠有漏洞

[iyutong]

依赖项 npm:protobufjs:5.0.3 vulnerable

更新到不受影响的版本 7.2.5

CVE-2022-25878，分数: 8.2

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files

阅读更多: https://www.mend.io/vulnerability-database/CVE-2022-25878?utm_source=JetBrains

结果由 Mend.io 提供技术支持