Lucene search
K

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/23 1:20 p.m.14 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the protobufjs package (CVE-2022-25878)

Summary Protobufjs is used by DataStage on Cloud Pak for Data as part of data serialization. Vulnerability Details CVEID:CVE-2022-25878 DESCRIPTION: The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the...

8.2CVSS8.3AI score0.02071EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-25878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This...

8.2CVSS7.9AI score0.02071EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2023/07/05 3:30 p.m.53 views

protobufjs Prototype Pollution vulnerability

protobuf.js aka protobufjs 6.10.0 until 6.11.4 and 7.0.0 until 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and...

9.8CVSS8.4AI score0.01683EPSS
Exploits1References10Affected Software1
Prion
Prion
added 2023/07/05 2:15 p.m.33 views

Design/Logic Flaw

"protobuf.js aka protobufjs 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions...

7.5CVSS8.3AI score0.02071EPSS
Exploits2References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/04 5:44 p.m.34 views

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to arbitrary code execution due to CVE-2022-25878

Summary Node.js module protobufjs is used internally by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationServer operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported...

8.2CVSS8.9AI score0.02071EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/28 12:0 a.m.5 views

@0cfg/rpc-common (>=0.0.1 <=0.1.3), @0cfg/rpc-node (>=0.0.1 <=0.1.3) +311 more potentially affected by CVE-2022-25878 via protobufjs (>=6.11.1 <=6.11.2)

protobufjs NPM version =6.11.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.2, =0.1.0, =4.0.0, =1.0.0, =0.4.21, =1.0.3, =0.1.0, =0.1.0, =0.4.115, =0.5.167 - @atomist/npm-release-skill =0.1.1-110 and more Source cves: CVE-2022-25878 Source advisory: OSV:GHSA-G954-5HWP-PP24...

8.2CVSS7.1AI score0.02071EPSS
Exploits1
CVE
CVE
added 2022/05/27 8:0 p.m.130 views

CVE-2022-25878

CVE-2022-25878 affects protobufjs with Prototype Pollution (Object.prototype) via untrusted input to util.setProperty, ReflectionObject.setParsedOption, or .proto parsing. Connected docs show a related entry (CVE-2023-36665) describing protobufjs 6.10.0–7.x before 7.2.5 as vulnerable to prototype...

8.2CVSS8.2AI score0.02071EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2022/05/27 8:0 p.m.31 views

CVE-2022-25878 Prototype Pollution

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption...

8.2CVSS9.1AI score0.02071EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2022/04/06 9:47 a.m.6 views

@0cfg/rpc-common (>=0.0.1 <=0.1.3), @0cfg/rpc-node (>=0.0.1 <=0.1.3) +311 more potentially affected by CVE-2022-25878 via protobufjs (>=6.11.1 <=6.11.2)

protobufjs NPM version =6.11.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11, =0.0.2, =0.1.0, =4.0.0, =1.0.0, =0.4.21, =1.0.3, =0.1.0, =0.1.0, =0.4.115, =0.5.167 - @atomist/npm-release-skill =0.1.1-110 and more Source cves: CVE-2022-25878 Source advisory: SNYK:JS-PROTOBUFJS-2441248...

8.2CVSS7.1AI score0.02071EPSS
Exploits1
Rows per page
Query Builder