protobufjs-cli 2.0.0-experimental

Direct Vulnerabilities

Known vulnerabilities in the protobufjs-cli package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Arbitrary Code Injection protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Arbitrary Code Injection via the `pbjs` static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated JavaScript output, which is then executed or imported by the application or build process. How to fix Arbitrary Code Injection? Upgrade `protobufjs-cli` to version 1.2.1, 2.0.2 or higher.	<1.2.1>=2.0.0-experimental <2.0.2
H Command Injection protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Command Injection via `pbts`. An attacker can execute arbitrary shell commands by supplying file paths containing shell metacharacters, which are interpreted by the shell when the process constructs and executes a command string. How to fix Command Injection? Upgrade `protobufjs-cli` to version 1.2.1, 2.0.2 or higher.	<1.2.1>=2.0.0-experimental <2.0.2
H Uncontrolled Recursion protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call stack and cause the application to crash by supplying specially crafted protobuf binary data containing deeply nested structures. How to fix Uncontrolled Recursion? Upgrade `protobufjs-cli` to version 1.2.1, 2.0.2 or higher.	<1.2.1>=2.0.0-experimental <2.0.2

Vulnerability

Vulnerable Version

Arbitrary Code Injection

protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the pbjs static code generation. An attacker can execute arbitrary code by providing crafted schema names that are incorporated into generated JavaScript output, which is then executed or imported by the application or build process.

How to fix Arbitrary Code Injection?

Upgrade protobufjs-cli to version 1.2.1, 2.0.2 or higher.

<1.2.1>=2.0.0-experimental <2.0.2

Command Injection

protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions.

Affected versions of this package are vulnerable to Command Injection via pbts. An attacker can execute arbitrary shell commands by supplying file paths containing shell metacharacters, which are interpreted by the shell when the process constructs and executes a command string.

How to fix Command Injection?

Upgrade protobufjs-cli to version 1.2.1, 2.0.2 or higher.

<1.2.1>=2.0.0-experimental <2.0.2

Uncontrolled Recursion

protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions.

Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call stack and cause the application to crash by supplying specially crafted protobuf binary data containing deeply nested structures.

How to fix Uncontrolled Recursion?

Upgrade protobufjs-cli to version 1.2.1, 2.0.2 or higher.

<1.2.1>=2.0.0-experimental <2.0.2

protobufjs-cli@2.0.0-experimental

Translates between file formats and generates static code as well as TypeScript definitions.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically