Lucene search
Veracode Vulnerability DatabaseVERACODE:6041HistoryApr 03, 2018 - 4:54 a.m.
Regular Expression Denial Of Service (ReDoS)
2018-04-0304:54:20
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.001 Low
EPSS
Percentile
26.4%
protobufjs is vulnerable to regular expression denial of service (ReDoS). The attack can be triggered when the attacker parses or loads .proto file sources using malicious file or regex or string.
| CPE | Name | Operator | Version |
|---|---|---|---|
| protobufjs | le | 6.8.5 | |
| protobufjs | le | 6.7.3 | |
| protobufjs | le | 6.8.5 | |
| protobufjs | le | 6.7.3 |
References
github.com/davisjam
github.com/dcodeIO/protobuf.js/blob/6.8.5/src/parse.js#L27
github.com/dcodeIO/protobuf.js/commit/2ee1028d631a328e152d7e09f2a0e0c5c83dc2aa
github.com/dcodeIO/protobuf.js/commit/e7e123aa0b6c05eb4156a761739e37c008a3cbc1
github.com/dcodeIO/protobuf.js/releases
hackerone.com/reports/319576
Related
cvelist
cvelist
CVE-2018-3738
2018-04-26 00:00:00
hackerone
hackerone
prion
prion
Code injection
2018-06-07 02:29:00
nvd
nvd
CVE-2018-3738
2018-06-07 02:29:08
cve
cve
CVE-2018-3738
2018-06-07 02:29:08
osv
osv
Denial of Service in protobufjs
2018-10-09 00:27:15
CVE-2018-3738
2018-06-07 02:29:08
github
github
Denial of Service in protobufjs
2018-10-09 00:27:15