Incorrect Regular Expression
CVE-2018-3738
Summary
Versions of protobufjs before 5.0.3 and 6.8.6 are vulnerable to ReDoS when parsing crafted invalid .proto files.
- LOW
- LOCAL
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-185 - Incorrect Regular Expression
The software specifies a regular expression in a way that causes data to be improperly matched or compared.