Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
5Blast Radius
ecosystem impact- 23,657 npm packages depend on protocol-buffers-schema (74 direct, 23,592 indirect)
Ecosystem-wide dependent count for version 3.6.1.
DescriptionCVE.org
JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.
Analysis
JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22993