2 matches found
Arbitrary Code Injection
Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Arbitrary Code Injection in the toObject function when handling a schema-controlled bytes field default value. An attacker can execute arbitrary JavaScript code by providing a...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the toObject function when handling a schema-controlled bytes field default value. An attacker can execute arbitrary JavaScript code by providing a crafted descriptor with a malicious default value for a byte...