Lucene search
K
Protobufjs ProjectProtobufjs-cli

4 matches found

CVE
CVE
added 2026/05/13 2:49 p.m.19 views

CVE-2026-42290

Summary: The vulnerability affects protobufjs-cli’s pbts command. In versions before 1.2.1 and 2.0.2, pbts builds a shell command string from input file paths and runs it via child_process.exec, allowing file paths containing shell metacharacters to be interpreted by the shell. This can enable OS...

7.8CVSS5.8AI score0.00132EPSS
CVE
CVE
added 2026/05/13 2:50 p.m.18 views

CVE-2026-44295

The CVE-2026-44295 entry concerns protobufjs-cli (pbjs) static code generation. The issue: when generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum, service, or derived full names could be written into the output without sufficient sanitization, enabling...

8.7CVSS5.9AI score0.00395EPSS
CVE
CVE
added 2026/06/22 4:16 p.m.17 views

CVE-2026-54271

The CVE-2026-54271 entry concerns protobufjs-cli (pbjs) static code generation, where insecure handling of pre-parsed JSON descriptors could lead to attacker-controlled JavaScript in generated output. Concrete details across connected sources show that protobufjs-cli versions prior to the fixed r...

8.2CVSS5.9AI score0.00228EPSS
CVE
CVE
added 2026/06/22 4:23 p.m.13 views

CVE-2026-54269

CVE-2026-54269 affects protobufjs. Prior to versions 8.6.0 and 7.6.3 , schema-derived names could collide with runtime helper properties (e.g., fields named hasOwnProperty, names like $type, and rpcCall). When loaded schemas are used, protobufjs could read schema-controlled data where an own-prop...

5.3CVSS5.9AI score0.00238EPSS