Skip to content
This repository was archived by the owner on Mar 19, 2026. It is now read-only.
This repository was archived by the owner on Mar 19, 2026. It is now read-only.

CVE-2023-36665 vunerablity in protobufjs 7.2.3 #241

Closed
Closed
CVE-2023-36665 vunerablity in protobufjs 7.2.3#241
Assignees
alexander-fenster
Labels
priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.
@Martin-Locker

Description

@Martin-Locker
Martin-Locker
opened on Jul 7, 2023

google-gax depends on a vulnerable library protobufjs 7.2.3
A fix with 7.2.4 is available but dependency is directly to 7.2.3

Link to CVE-2023-36665 : https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36665

+-- [email protected]
| +-- @grpc/[email protected]
| | `-- **[email protected]**
| +-- [email protected]
| | `-- **[email protected]**
| +-- [email protected]
| | `-- **[email protected]**
| `-- [email protected]
`-- **[email protected]**

Can dependency for next version changed to 7.2.4 ?

Metadata

Metadata

Assignees

Labels

priority: p2Moderately-important priority. Fix may not be included in next release.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions