com.graphhopper:graphhopper-web-bundle (>=3.0 <=client_hc_no_vehicle), org.webjars.npm:geobuf (=3.0.2) +19 more potentially affected by CVE-2026-5758 via org.webjars.npm:protocol-buffers-schema (=3.6.0)

org.webjars.npm:protocol-buffers-schema MAVEN version =3.6.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:protocol-buffers-schema and may be impacted: - com.graphhopper:graphhopper-web-bundle =3.0, =1.10.1, =3.0.0-pre.4, =4.0.3,...

EUVD-2021-1845

Malware in sbrugna...

Prototype Pollution

graphhopper-web-bundle is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes through URL parser and modify attributes such as proto, constructor and prototype...

CVE-2021-23408

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using a constructor or proto payload...

PT-2021-15499 · Graphhopper · Graphhopper-Web-Bundle

Name of the Vulnerable Software and Affected Versions: com.graphhopper:graphhopper-web-bundle versions prior to 3.2 com.graphhopper:graphhopper-web-bundle versions 4.0-pre1 through 4.0 Description: The issue affects the URL parser, which could be tricked into adding or modifying properties of...