Protobufjs Security Vulnerabilities and Issues — Protobufjs CVE List

Lucene search

Protobufjs ProjectProtobufjs

3 matches found

CVE•added 2023/07/05 2:15 p.m.•227 views

CVE-2023-36665

"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Explo...

9.8CVSS8.3AI score0.01673EPSS

CVE•added 2022/05/27 8:15 p.m.•105 views

CVE-2022-25878

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption fun...

8.2CVSS8.2AI score0.00393EPSS

CVE•added 2018/06/07 2:29 a.m.•38 views

CVE-2018-3738

protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.

5.5CVSS5.3AI score0.00385EPSS