22 matches found
com.graphhopper:graphhopper-web-bundle (>=3.0 <=client_hc_no_vehicle), org.webjars.npm:geobuf (=3.0.2) +19 more potentially affected by CVE-2026-5758 via org.webjars.npm:protocol-buffers-schema (=3.6.0)
org.webjars.npm:protocol-buffers-schema MAVEN version =3.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:protocol-buffers-schema and may be impacted: - com.graphhopper:graphhopper-web-bundle =3.0, =1.10.1, =3.0.0-pre.4, =4.0.3,...
EUVD-2021-1100
Malware in sbrugna...
EUVD-2021-1845
Malware in sbrugna...
CVE-2021-29506
GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix:...
Malicious code in graphhopper-js-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528454d3ceaec479832ef3607c05e7f1a1f58026c1a94fcfb2b3835b952d9c2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3492 Malicious code in graphhopper-js-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528454d3ceaec479832ef3607c05e7f1a1f58026c1a94fcfb2b3835b952d9c2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-QHXH-9HHX-6P7V Prototype Pollution in GraphHopper
This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload...
Prototype Pollution in GraphHopper
This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload...
Prototype Pollution
graphhopper-web-bundle is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes through the URL parser and modify attributes such as __proto__, constructor and prototype...
CVE-2021-23408
CVE-2021-23408 affects com.graphhopper:graphhopper-web-bundle. The root cause is a prototype pollution in the URL parser that can add/modify properties on Object.prototype via constructor or __proto__ payload. Affected versions: before 3.2, and 4.0-pre1 through before 4.0. Remediation: upgrade to Gra...
CVE-2021-23408
This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload...
graphhopper security vulnerability
graphhopper is a software application. A fast and memory efficient Java routing engine, released under the Apache License 2.0. A security vulnerability exists in graphhopper, which stems from the possibility that the URL parser could be tricked into adding or modifying properties of an Object. The...
PT-2021-15499 · Graphhopper · Graphhopper-Web-Bundle
Name of the Vulnerable Software and Affected Versions: com.graphhopper:graphhopper-web-bundle versions prior to 3.2; com.graphhopper:graphhopper-web-bundle versions 4.0-pre1 through 4.0. Description: The issue affects the URL parser, which could be tricked into adding or modifying properties of...
Prototype Pollution
Overview: com.graphhopper:graphhopper-web-bundle is a GraphHopper routing engine as a web-service. Affected versions of this package are vulnerable to Prototype Pollution. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or __proto__ payload. P...
Regular Expression Denial Of Service (ReDoS)
graphhopper-nav is vulnerable to Regular Expression Denial of Service (ReDoS). An attacker is able to crash the application by submitting a malicious URL string via the getPointsFromRequest function...
CVE-2021-29506
GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix:...
CVE-2021-29506
GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix:...
Code injection
GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix:...
CVE-2021-29506 Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.
GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix:...
CVE-2021-29506
GraphHopper CVE-2021-29506 affects GraphHopper 2.0–2.4. The vulnerability is a regular expression injection that may cause Denial of Service. Root cause is in the navigation/regex handling in GraphHopper prior to 2.4. This has been patched in GraphHopper 2.4 and 3.0. Connected advisories and Red ...