Open pwmcintyre opened 1 month ago
protobuf.js version: 6.11.4
This version is still being listed as vulnerable to CVE-2023-36665
I understand we should patch to 7.x but we are not able to.
Is it possible to have the nist dataset fixed (see related comments)
related:
it looks as though the Github advisory is fixed, but not elsewhere: ✅ https://github.com/advisories/GHSA-h755-8qp9-cq85 ⚠️ https://nvd.nist.gov/vuln/detail/CVE-2023-36665
protobuf.js version: 6.11.4
This version is still being listed as vulnerable to CVE-2023-36665
I understand we should patch to 7.x but we are not able to.
Is it possible to have the nist dataset fixed (see related comments)
related: