Lucene search
K

290 matches found

attackerkb
attackerkb
added 2026/05/13 2:50 p.m.6 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/13 2:50 p.m.21 views

CVE-2026-44295

The CVE-2026-44295 entry concerns protobufjs-cli (pbjs) static code generation. The issue: when generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the output without sufficient sanitization, enabling...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/13 2:49 p.m.33 views

CVE-2026-42290 protobufjs-cli: OS Command Injection

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS0.00132EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/13 2:49 p.m.9 views

CVE-2026-42290 protobufjs-cli: OS Command Injection

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/13 2:49 p.m.5 views

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through childprocess.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/13 2:49 p.m.22 views

CVE-2026-42290

Summary: The vulnerability affects protobufjs-cli’s pbts command. In versions before 1.2.1 and 2.0.2, pbts builds a shell command string from input file paths and runs it via child_process.exec, allowing file paths containing shell metacharacters to be interpreted by the shell. This can enable OS...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/05/13 2:46 p.m.10 views

CVE-2026-45740 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/13 2:46 p.m.32 views

CVE-2026-45740 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

5.3CVSS0.00263EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/13 2:46 p.m.6 views

CVE-2026-45740

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/13 2:46 p.m.26 views

CVE-2026-45740

Protobufjs vulnerability CVE-2026-45740 arises from unbounded recursion when expanding deeply nested JSON descriptors (Root.fromJSON(), Namespace.addJSON()). Before versions 7.5.8 and 8.2.0, crafted JSON descriptors could exhaust the JavaScript call stack, causing a Denial of Service. The issue a...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/13 2:44 p.m.37 views

CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS0.00431EPSS
Exploits0References1
cve
cve
added 2026/05/13 2:44 p.m.25 views

CVE-2026-44294

CVE-2026-44294 affects protobufjs. Prior to versions 7.5.6 and 8.0.2, generated JavaScript property accessors from schema-controlled field and oneof names did not escape certain control characters in field names, which could cause generated encode, decode, verify, or conversion functions to fail ...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/05/13 2:44 p.m.9 views

CVE-2026-44294 protobufjs: Denial of service from crafted field names in generated code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/13 2:44 p.m.7 views

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS5.8AI score0.00431EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/05/13 2:43 p.m.54 views

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

7.7CVSS0.00392EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/13 2:43 p.m.8 views

CVE-2026-44293 protobufjs: Code injection through bytes field defaults in generated toObject code

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

7.7CVSS5.9AI score0.00392EPSS
Exploits0References1
cve
cve
added 2026/05/13 2:43 p.m.34 views

CVE-2026-44293

CVE-2026-44293 affects protobufjs: prior to versions 7.5.6 and 8.0.2, generated JavaScript for toObject conversion could emit attacker-controlled code from a schema-controlled bytes field default value. A crafted descriptor with a non-string default for a bytes field may cause arbitrary JavaScrip...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References10Affected Software1
cvelist
cvelist
added 2026/05/13 2:42 p.m.62 views

CVE-2026-44292 protobufjs: Prototype injection in generated message constructors

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS0.00264EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/13 2:42 p.m.9 views

CVE-2026-44292 protobufjs: Prototype injection in generated message constructors

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/13 2:42 p.m.10 views

CVE-2026-44292

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder