3 matches found
@adriantombu/openstack-swift (>=0.0.1 <=0.0.5), @alicloud/fun (>=2.7.1 <=2.16.5) +637 more potentially affected by CVE-2018-3738 via protobufjs (>=2.0.4 <=5.0.2)
protobufjs NPM version =2.0.4, =0.0.1, =2.7.1, =0.1.0, =1.3.0, =5.0.0, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =0.2.2, =0.2.4-20180621213746, =0.1.0-20180815155955, =0.0.6, =0.5.0, =1.3.329, =3.7.539, =3.7.550 and more Source cves: CVE-2018-3738 Source advisory:...
CVE-2018-3738
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files...
CVE-2018-3738
protobufjs is affected by a Denial of Service via a regular expression denial of service when parsing crafted invalid .proto files. Affected versions are prior to 5.0.3 and prior to 6.8.6. Remediation: upgrade to protobufjs 5.0.3 or later, or 6.8.6 or later. The issue arises from ReDoS during par...