Versions of protobufjs
before 5.0.3 and 6.8.6 are vulnerable to a regular expression denial of service when parsing crafted invalid *.proto files.
Update to version 5.0.3, 6.8.6 or later.
CPE | Name | Operator | Version |
---|---|---|---|
protobufjs | lt | 6.8.6 | |
protobufjs | lt | 5.0.3 | |
protobufjs | ge | 6.0.0 |