308 matches found
ROOT-APP-NPM-CVE-2026-48712 CVE-2026-48712 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-48712 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44291 CVE-2026-44291 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44291 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44292 CVE-2026-44292 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44292 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44289 CVE-2026-44289 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44289 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-41242 CVE-2026-41242 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-41242 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44294 CVE-2026-44294 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44294 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44288 CVE-2026-44288 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44293 CVE-2026-44293 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44293 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-44290 CVE-2026-44290 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-44290 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root
Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...
CVE-2026-59876
A flaw was found in protobufjs. The Text Format extension, responsible for compiling protobuf definitions into JavaScript functions, improperly parsed string-keyed map entries. This allowed a specially crafted map entry with the key proto to modify the prototype of the returned map object. An...
protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors
A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...
Prototype Pollution
Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplyi...
Prototype Pollution
Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplying a specially crafted map entry with the key proto...
Infinite loop
Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Infinite loop in the option parsing. An attacker can cause the application to enter an infinite loop by submitting a crafted .proto schema that opens an option declaration and...
CVE-2026-59876
protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...
CVE-2026-59877
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...
CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype
protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...
CVE-2026-59876
CVE-2026-59876 affects protobufjs (Text Format extension) where, from 8.2.0 through 8.6.5, string-keyed map entries were parsed via ordinary property assignment, allowing a map entry with key proto to mutate the prototype of the returned map instead of creating an own entry in protobufjs/ext/text...
CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype
protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...