Lucene search
+L

307 matches found

redhatcve
redhatcve
added 6 days ago8 views

CVE-2026-59876

A flaw was found in protobufjs. The Text Format extension, responsible for compiling protobuf definitions into JavaScript functions, improperly parsed string-keyed map entries. This allowed a specially crafted map entry with the key proto to modify the prototype of the returned map object. An...

4.8CVSS6AI score0.00219EPSS
Exploits0References7
redhat
redhat
added last week5 views

protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References5
snyk
snyk
added 2026/07/08 6:47 p.m.6 views

Prototype Pollution

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplyi...

8.3CVSS6.4AI score0.00219EPSS
Exploits0References2
snyk
snyk
added 2026/07/08 6:47 p.m.16 views

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplying a specially crafted map entry with the key proto...

8.3CVSS6.5AI score0.00219EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 4:16 p.m.12 views

CVE-2026-59876

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS0.00219EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 4:16 p.m.13 views

CVE-2026-59877

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

7.5CVSS0.0037EPSS
Exploits0References6
osv
osv
added 2026/07/08 3:31 p.m.4 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS6.1AI score0.00219EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/08 3:31 p.m.31 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS0.00219EPSS
Exploits0References4
cve
cve
added 2026/07/08 3:31 p.m.8 views

CVE-2026-59876

CVE-2026-59876 affects protobufjs (Text Format extension) where, from 8.2.0 through 8.6.5, string-keyed map entries were parsed via ordinary property assignment, allowing a map entry with key proto to mutate the prototype of the returned map instead of creating an own entry in protobufjs/ext/text...

4.8CVSS6AI score0.00219EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/07/08 3:28 p.m.5 views

CVE-2026-59877 protobufjs: Denial of Service via infinite loop in .proto option parsing

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

5.3CVSS6.1AI score0.0037EPSS
Exploits0References8
cve
cve
added 2026/07/08 3:28 p.m.8 views

CVE-2026-59877

Summary: The CVE affects protobufjs, where the .proto parser could enter an infinite loop. Affected component: protobufjs (parsing of protobuf definitions to JS functions). Root cause: while parsing option declarations, the parser advances through tokens until an '=' is found without checking for...

7.5CVSS6AI score0.0037EPSS
Exploits0References6Affected Software1
euvd
euvd
added 2026/07/08 3:28 p.m.5 views

EUVD-2026-42310

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

5.3CVSS6AI score0.0037EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.11 views

PT-2026-56496

Name of the Vulnerable Software and Affected Versions protobufjs versions 8.2.0 through 8.6.4 Description The protobufjs Text Format extension parses string-keyed map entries using ordinary property assignment. This allows a map entry with the key proto to modify the prototype of the returned map...

4.8CVSS6.1AI score0.00219EPSS
Exploits0References9
nessus
nessus
added 2026/07/06 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-45740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding...

7.5CVSS6AI score0.00263EPSS
Exploits0References2
osv
osv
added 2026/07/03 11:18 a.m.8 views

ROOT-APP-NPM-CVE-2026-48712 CVE-2026-48712 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-48712 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00324EPSS
Exploits0
osv
osv
added 2026/07/03 11:17 a.m.10 views

ROOT-APP-NPM-CVE-2026-44290 CVE-2026-44290 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44290 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00374EPSS
Exploits0
osv
osv
added 2026/07/03 11:17 a.m.9 views

ROOT-APP-NPM-CVE-2026-44292 CVE-2026-44292 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44292 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00264EPSS
Exploits0
osv
osv
added 2026/07/03 11:17 a.m.12 views

ROOT-APP-NPM-CVE-2026-44289 CVE-2026-44289 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44289 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.0058EPSS
Exploits0
osv
osv
added 2026/07/03 11:17 a.m.8 views

ROOT-APP-NPM-CVE-2026-41242 CVE-2026-41242 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-41242 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

9.8CVSS5.6AI score0.00745EPSS
Exploits1
osv
osv
added 2026/07/03 11:17 a.m.11 views

ROOT-APP-NPM-CVE-2026-44288 CVE-2026-44288 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00301EPSS
Exploits0
Rows per page
Query Builder