com.graphhopper:graphhopper-web-bundle (>=3.0 <=client_hc_no_vehicle), org.webjars.npm:geobuf (=3.0.2) +19 more potentially affected by CVE-2026-5758 via org.webjars.npm:protocol-buffers-schema (=3.6.0)

org.webjars.npm:protocol-buffers-schema MAVEN version =3.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:protocol-buffers-schema and may be impacted: - com.graphhopper:graphhopper-web-bundle =3.0, =1.10.1, =3.0.0-pre.4, =4.0.3,...

EUVD-2021-1100

Malware in sbrugna...

EUVD-2021-1845

Malware in sbrugna...

CVE-2021-29506

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix:...

Malicious code in graphhopper-js-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528454d3ceaec479832ef3607c05e7f1a1f58026c1a94fcfb2b3835b952d9c2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-3492 Malicious code in graphhopper-js-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 528454d3ceaec479832ef3607c05e7f1a1f58026c1a94fcfb2b3835b952d9c2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Prototype Pollution in GraphHopper

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

GHSA-QHXH-9HHX-6P7V Prototype Pollution in GraphHopper

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

Prototype Pollution

graphhopper-web-bundle is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes through URL parser and modify attributes such as proto, constructor and prototype...

CVE-2021-23408

CVE-2021-23408 affects com.graphhopper:graphhopper-web-bundle. The root cause is a prototype pollution in the URL parser that can add/modify properties on Object.prototype via constructor or proto payload. Affected versions: before 3.2, and 4.0-pre1 through before 4.0. Remediation: upgrade to Gra...

CVE-2021-23408

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

PT-2021-15499 · Graphhopper · Graphhopper-Web-Bundle

Name of the Vulnerable Software and Affected Versions: com.graphhopper:graphhopper-web-bundle versions prior to 3.2 com.graphhopper:graphhopper-web-bundle versions 4.0-pre1 through 4.0 Description: The issue affects the URL parser, which could be tricked into adding or modifying properties of...

graphhopper 安全漏洞

graphhopper is a software application. A fast and memory efficient Java routing engine, released under the Apache License 2.0. A security vulnerability exists in graphhoppe, which stems from the possibility that the URL parser could be tricked into adding or modifying properties of an Object. The...

Prototype Pollution

Overview com.graphhopper:graphhopper-web-bundle is a GraphHopper routing engine as a web-service Affected versions of this package are vulnerable to Prototype Pollution. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload. P...

Regular Expression Denial Of Service (ReDoS)

graphhopper-nav is vulnerable to Regular Expression Denial Of Service ReDoS. An attacker is able to crash the application by submitting a malicious url string via the getPointsFromRequest function...

CVE-2021-29506

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix:...

CVE-2021-29506

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix:...

Code injection

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix:...

CVE-2021-29506

GraphHopper CVE-2021-29506 affects GrassHopper 2.0–2.4. The vulnerability is a regular expression injection that may cause Denial of Service. Root cause is in the navigation/regex handling in GrassHopper prior to 2.4. This has been patched in GraphHopper 2.4 and 3.0. Connected advisories and Red ...

CVE-2021-29506 Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.

GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix:...