Skip to main content

Protobuf Js

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-45740 npm MEDIUM POC PATCH GHSA This Month

Uncontrolled recursion in protobufjs versions prior to 7.5.8 and 8.2.0 allows remote attackers to exhaust the JavaScript call stack by providing crafted JSON descriptors with deeply nested namespace definitions to Root.fromJSON() or Namespace.addJSON(), causing a denial of service. The vulnerability requires only network access and no authentication, though exploitation depends on the application parsing untrusted protobuf JSON descriptors.

Information Disclosure Protobuf Js
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45740 npm
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Uncontrolled recursion in protobufjs versions prior to 7.5.8 and 8.2.0 allows remote attackers to exhaust the JavaScript call stack by providing crafted JSON descriptors with deeply nested namespace definitions to Root.fromJSON() or Namespace.addJSON(), causing a denial of service. The vulnerability requires only network access and no authentication, though exploitation depends on the application parsing untrusted protobuf JSON descriptors.

Information Disclosure Protobuf Js
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy