Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/22 4:21 p.m.32 views

CVE-2026-48712 protobufjs: Denial of service through unbounded Any expansion during JSON conversion

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversio...

7.5CVSS0.00324EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 4:21 p.m.29 views

CVE-2026-48712

The CVE-2026-48712 vulnerability affects protobufjs (JavaScript) in the toObject() conversion path and the google.protobuf.Any JSON conversion path. Prior to versions 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit when converting decoded messages to plain objects/JSON, allowing a...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/15 5:30 p.m.5 views

NPM: protobufjs: Denial of service through unbounded Any expansion during JSON conversion

NPM: protobufjs: Denial of service through unbounded Any expansion during JSON conversion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.6.0...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 5:30 p.m.10 views

GHSA-WCPC-WJ8M-HJX6 protobufjs: Denial of service through unbounded Any expansion during JSON conversion

Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated toObject conversion and the custom google.protobuf.Any JSON conversion path. A crafted protobuf binary payload containing deeply nested Any values could cause...

7.5CVSS5.2AI score0.00324EPSS
Exploits0References2
Rows per page
Query Builder