MEDIUM 5.5 npm

Denial of Service in protobufjs

GHSA-762f-c2wg-m8c8 · CVE-2018-3738


Description

Versions of protobufjs before 5.0.3 and 6.8.6 are vulnerable to a regular expression denial of service when parsing crafted invalid *.proto files.

Recommendation

Update to version 5.0.3, 6.8.6 or later.
