Severity: medium (new)

Improper Handling of Unicode Encoding

  • Vulnerable module: protobufjs
  • Introduced through: newrelic@8.10.0

Detailed paths

  • Introduced through: @seneca/telemetry-newrelic@senecajs/seneca-telemetry-newrelic > newrelic@8.10.0 > @grpc/proto-loader@0.6.13 > protobufjs@6.11.6
    Remediation: Upgrade to newrelic@9.7.1.

Overview

protobufjs is a Protocol Buffers implementation for JavaScript (and TypeScript).

Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding when decoding overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending overlong sequences that decode to the canonical characters the filter was meant to reject. This is only exploitable if the application decodes protobuf binary data using the minimal UTF-8 decoder and relies on byte-level filtering before string decoding.

Remediation

Upgrade protobufjs to version 7.5.6, 8.0.2, 8.0.3, 8.2.0 or higher.