Description

• A vulnerability was found on a package called protobufjs, version 6 and 7 are compromised
• The vulneability is CVE-2023-36665, with a CRITICAL SEVERITY of 9.8
  • Both versions have patches against this issue, version 6.11.4 and 7.2.5
• Some coin SDKs that we use are using protobufjs
  • The ones using version 6 are up to date
  • The ones using version 7 are vulnerable
• HBAR, ISLM and TRX SDKs are affected

Issue Number

DX-314

Type of change

• Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Code builds and compiles, all tests pass

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My code compiles correctly for both Node and Browser environments
• I have commented my code, particularly in hard-to-understand areas
• My commits follow Conventional Commits and I have properly described any BREAKING CHANGES
• The ticket or github issue was included in the commit message as a reference
• I have made corresponding changes to the documentation and on any new/updated functions and/or methods - jsdoc
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
  -->