29 matches found
Arbitrary Code Injection
Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted...
10minions-engine (>=0.0.1 <=0.0.4), @1amageek/document-propagator (>=0.10.1 <=1.0.0) +1530 more potentially affected by CVE-2026-44295 via protobufjs-cli (>=1.0.0 <=1.1.3)
protobufjs-cli NPM version =1.0.0, =0.0.1, =0.10.1, =1.1.0, =0.4.0, =1.22.0, =6.2.36, =1.0.0, =1.8.0, =0.0.0-beta.0, =1.0.0, =1.0.1, =3.1.0 and more Source cves: CVE-2026-44295 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643441...
Uncontrolled Recursion
Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call...
@forwardimpact/libcodegen (>=0.1.47 <=0.1.52) potentially affected by CVE-2026-44289 via protobufjs-cli (=2.0.1)
protobufjs-cli NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on protobufjs-cli and may be impacted: - @forwardimpact/libcodegen =0.1.47, =0.1.52 Source cves: CVE-2026-44289 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643263...
10minions-engine (>=0.0.1 <=0.0.4), @1amageek/document-propagator (>=0.10.1 <=1.0.0) +1530 more potentially affected by CVE-2026-44289 via protobufjs-cli (>=1.0.0 <=1.1.3)
protobufjs-cli NPM version =1.0.0, =0.0.1, =0.10.1, =1.1.0, =0.4.0, =1.22.0, =6.2.36, =1.0.0, =1.8.0, =0.0.0-beta.0, =1.0.0, =1.0.1, =3.1.0 and more Source cves: CVE-2026-44289 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643263...
Command Injection
Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Command Injection via pbts. An attacker can execute arbitrary shell commands by supplying file paths containing shell...
@forwardimpact/libcodegen (>=0.1.47 <=0.1.52) potentially affected by CVE-2026-42290 via protobufjs-cli (=2.0.1)
protobufjs-cli NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on protobufjs-cli and may be impacted: - @forwardimpact/libcodegen =0.1.47, =0.1.52 Source cves: CVE-2026-42290 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643433...
10minions-engine (>=0.0.1 <=0.0.4), @1amageek/document-propagator (>=0.10.1 <=1.0.0) +1530 more potentially affected by CVE-2026-42290 via protobufjs-cli (>=1.0.0 <=1.1.3)
protobufjs-cli NPM version =1.0.0, =0.0.1, =0.10.1, =1.1.0, =0.4.0, =1.22.0, =6.2.36, =1.0.0, =1.8.0, =0.0.0-beta.0, =1.0.0, =1.0.1, =3.1.0 and more Source cves: CVE-2026-42290 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643433...
@forwardimpact/libcodegen (>=0.1.47 <=0.1.52) potentially affected by CVE-2026-42290 via protobufjs-cli (=2.0.1)
protobufjs-cli NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on protobufjs-cli and may be impacted: - @forwardimpact/libcodegen =0.1.47, =0.1.52 Source cves: CVE-2026-42290 Source advisory: OSV:GHSA-F84P-CVGM-XGJJ...