Lucene search
K

287 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 10:55 a.m.7 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs (CVE-2026-6322, CVE-2026-45740 & CVE-2026-6321)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs. Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-uri normalize decoded percent-encoded authority...

7.5CVSS5.3AI score0.00521EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/15 8:13 p.m.5 views

NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

NPM: protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.1...

8.2CVSS5.8AI score0.00228EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 8:13 p.m.12 views

Arbitrary Code Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted...

8.2CVSS6.2AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:13 p.m.11 views

Arbitrary Code Injection

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated...

8.2CVSS6.5AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:13 p.m.7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated JavaScript output, which is then executed or imported by the...

8.2CVSS6.2AI score0.00228EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.11 views

protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 8:13 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling during binary decoding. An attacker can cause excessive memory usage by supplying crafted protobuf binary data containing...

6.9CVSS6.1AI score0.00293EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/15 8:13 p.m.4 views

NPM: protobufjs: Memory amplification from preserved unknown fields in binary decode

NPM: protobufjs: Memory amplification from preserved unknown fields in binary decode vulnerability discovered by ? in WordPress Npm protobufjs versions = 8.2.0, = 8.4.2...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:13 p.m.4 views

GHSA-94RC-8X27-4472 protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.8 views

protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:30 p.m.5 views

NPM: protobufjs: Denial of service through unbounded Any expansion during JSON conversion

NPM: protobufjs: Denial of service through unbounded Any expansion during JSON conversion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.0...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 5:30 p.m.7 views

Uncontrolled Recursion

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Uncontrolled Recursion during the JSON conversion. An attacker can exhaust the call stack and cause the application to crash by supplying crafted protobuf binary data containi...

8.7CVSS6.1AI score0.00324EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 5:30 p.m.10 views

GHSA-WCPC-WJ8M-HJX6 protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...

7.5CVSS5.2AI score0.00324EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:30 p.m.14 views

protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...

7.5CVSS5.2AI score0.00324EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 5:27 p.m.9 views

GHSA-F38Q-MGVJ-VPH7 protobufjs : Schema-derived names can shadow runtime-significant properties

Summary protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names such as $type when loaded through protobufjs JSON/reflection descriptors, and service...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/15 5:27 p.m.11 views

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs-cli versions = 1.3.2...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:27 p.m.5 views

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties

NPM: protobufjs : Schema-derived names can shadow runtime-significant properties vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.2...

5.3CVSS5.8AI score0.00238EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 5:27 p.m.7 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant properties. An attacker can cause affected message or...

6.9CVSS5.7AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:27 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant...

6.9CVSS5.6AI score0.00238EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:27 p.m.16 views

protobufjs : Schema-derived names can shadow runtime-significant properties

Summary protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names such as $type when loaded through protobufjs JSON/reflection descriptors, and service...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder