Versions of `protobufjs` before 5.0.3 and 6.8.6 are vulnerable to a regular expression denial of service when parsing crafted invalid *.proto files. Update to version 5.0.3, 6.8.6 or later
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
![]() | CVE-2018-3738 | 7 Jun 201802:00 | – | cvelist |
![]() | Regular Expression Denial Of Service (ReDoS) | 3 Apr 201804:54 | – | veracode |
![]() | Node.js third-party modules: `protobufjs` is vulnerable to ReDoS when parsing crafted invalid *.proto files | 25 Feb 201817:59 | – | hackerone |
![]() | CVE-2018-3738 | 7 Jun 201802:29 | – | nvd |
![]() | Code injection | 7 Jun 201802:29 | – | prion |
![]() | Denial of Service in protobufjs | 9 Oct 201800:27 | – | osv |
![]() | CVE-2018-3738 | 7 Jun 201802:29 | – | osv |
![]() | CVE-2018-3738 | 7 Jun 201802:29 | – | cve |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo