Lucene search
K

28 matches found

Snyk
Snyk
added 2026/06/15 5:27 p.m.7 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant properties. An attacker can cause affected message or...

6.9CVSS5.7AI score0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 3:6 p.m.6 views

GHSA-6R35-46G8-JCW9 protobuf.js: Code injection in pbjs static output from crafted schema names

Summary pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the generated output without...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References5
OSV
OSV
added 2026/05/12 3:6 p.m.9 views

GHSA-2PR8-PHX7-X9H3 protobuf.js: Denial of service from crafted field names in generated code

Summary protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function bodies. A crafted schema or JSON descriptor could therefore cause generated encode,...

5.3CVSS6.2AI score0.00431EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.20 views

protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/12 3:1 p.m.12 views

GHSA-JVWF-75H9-CWGG protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40540

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description protobufjs generates JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped befor...

5.3CVSS5.9AI score0.00431EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/14 5:18 p.m.9 views

org.apache.avro/avro: Apache Avro Java SDK: Code injection on Java generated code

A code injection flaw has been discovered in Apache Avro. This vulnerability manifests when generating specific records from untrusted Avro schemas...

7.3CVSS5.8AI score0.00602EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/14 2:45 p.m.7 views

org.apache.avro/avro: Apache Avro Java SDK: Code injection on Java generated code

A code injection flaw has been discovered in Apache Avro. This vulnerability manifests when generating specific records from untrusted Avro schemas...

7.3CVSS5.8AI score0.00602EPSS
Exploits0References8
Veracode
Veracode
added 2026/02/18 9:5 a.m.10 views

Code Injection

org.apache.avro, avro-compiler is vulnerable to Code Injection. The vulnerability is due to improper validation of untrusted Avro schemas during specific record generation, where attacker-controlled schema content can be incorporated into generated Java source code without sufficient sanitization...

7.3CVSS5.4AI score0.00602EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/13 12:31 p.m.5 views

GHSA-RP46-R563-JRC7 Apache Avro Java SDK is Vulnerable to Code Injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

6.9CVSS5.9AI score0.00602EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/02/13 12:31 p.m.9 views

Apache Avro Java SDK is Vulnerable to Code Injection

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

7.3CVSS5.5AI score0.00602EPSS
Exploits0References9Affected Software1
Snyk
Snyk
added 2026/02/13 12:31 p.m.5 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the SpecificCompiler class, when handling untrusted Avro schemas. An attacker can execute code by supplying a malicious schema with commands injected in doc comment values, which can be executed during...

8.8CVSS5.9AI score0.00602EPSS
Exploits0References2
PyPA
PyPA
added 2026/02/13 12:16 p.m.11 views

PYSEC-2026-26

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas.This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version1.12.0.Users are recommended to upgrade to version 1.12.1 or...

7.3CVSS7.2AI score0.00602EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/13 12:16 p.m.13 views

PYSEC-2026-26

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

7.3CVSS7.2AI score0.00602EPSS
Exploits0References2
OSV
OSV
added 2026/02/13 11:47 a.m.7 views

CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

7.3CVSS7.2AI score0.00602EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/13 11:47 a.m.27 views

CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

0.00602EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/13 11:47 a.m.8 views

EUVD-2025-206910

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

7.3CVSS5.5AI score0.00602EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/13 11:47 a.m.6 views

CVE-2025-33042 Apache Avro Java SDK: Code injection on Java generated code

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

5.5AI score0.00602EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/13 11:47 a.m.5 views

CVE-2025-33042

Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 o...

5.5AI score0.00602EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/13 11:47 a.m.51 views

CVE-2025-33042

CVE-2025-33042 : Improper control of generation of code (Code Injection) in the Apache Avro Java SDK. Affects all versions up to 1.11.4 and 1.12.0; upgrading to 1.12.1 or 1.11.5 fixes the issue. CVSS v3.1 base score 7.3 (HIGH). Connected IBM advisories confirm the same vulnerability and the recom...

7.3CVSS5.5AI score0.00602EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder