4 matches found
CVE-2026-44293
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...
CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...
node-ral (=0.17.0), protobufjs (=6.1.0) +1 more potentially affected by CVE-2026-44293 via @protobufjs/utf8 (>=1.0.1 <=1.1.0)
@protobufjs/utf8 NPM version =1.0.1, =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @protobufjs/utf8 and may be impacted: - node-ral =0.17.0 - protobufjs =6.1.0 - protobufjs-mod =6.8.2 Source cves: CVE-2026-44293 Source advisory:...
10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3276 more potentially affected by CVE-2026-44293 via protobufjs (>=7.0.0 <=7.5.5)
protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-44293 Source advisory: SNYK:JS-PROTOBUFJS-16643421...