CVE-2026-41242
- EPSS 0.58%
- Veröffentlicht 18.04.2026 16:18:10
- Zuletzt bearbeitet 23.04.2026 15:26:37
protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that...
CVE-2023-36665
- EPSS 1.42%
- Veröffentlicht 05.07.2023 14:15:09
- Zuletzt bearbeitet 21.11.2024 08:10:16
"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by add...
CVE-2022-25878
- EPSS 2.07%
- Veröffentlicht 27.05.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 06:53:09
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setPr...
CVE-2018-3738
- EPSS 0.96%
- Veröffentlicht 07.06.2018 02:29:08
- Zuletzt bearbeitet 21.11.2024 04:05:58
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.