CVE-2026-41242 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type"…
Critical CVSS: 9.4

CVE-2026-41242

protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.
Vendor
-
Product
-
CWE
CWE-94
Yayın Tarihi
2026-04-18 17:16:13
Güncelleme
2026-04-18 17:16:13
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-94 CRITICAL 2026

Referanslar

https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75 https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956 https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5 https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1 https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg