Lucene search
K

5 matches found

Snyk
Snyk
added 2026/06/15 8:13 p.m.12 views

Arbitrary Code Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted...

8.2CVSS6.2AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:13 p.m.12 views

Arbitrary Code Injection

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated...

8.2CVSS6.5AI score0.00228EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:13 p.m.7 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated JavaScript output, which is then executed or imported by the...

8.2CVSS6.2AI score0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 2:50 p.m.9 views

CVE-2026-44295 protobufjs-cli: Code injection in pbjs static output from crafted schema names

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/21 2:8 a.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to improper quoting of schema names in the PostgreSQL database secrets engine during the role revocation process. An attacker can execute arbitrary SQL commands as the management user by supplying crafted schema names...

5.8CVSS6.2AI score0.00235EPSS
Exploits0References2
Rows per page
Query Builder