RHSA-2026:37385

Vulnerability from csaf_redhat - Published: 2026-07-09 14:49 - Updated: 2026-07-09 18:00
Summary
Red Hat Security Advisory: rh-podman-desktop security advisory update
Severity
Important
Notes
Topic: A security advisory update for rh-podman-desktop is now available for Red Hat Enterprise Linux 10.
Details: Red Hat build of Podman Desktop is a graphical tool for managing containers using Podman. It allows users to run, manage, and configure containers and container images using a desktop GUI. Most notable CVE and Bug Fix(es) and Enhancement(s): * Issues for CVE fix 1.1.1 (JIRA:RHDESK-595) * Fix for RHDESK-529, RHDESK-530, RHDESK-531 - "fast-uri: Path traversal vulnerability allows bypass of security policies (CVE-2026-6321)" * Fix for RHDESK-611 - "protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors (CVE-2026-44293)" * Fix for RHDESK-640 - "fast-uri: URI authority bypass due to improper delimiter handling (CVE-2026-6322)"
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
Unresolved product id: Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src
Vendor Fix fix
Unresolved product id: Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64
Vendor Fix fix
Threats
Impact Important

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.

CWE-140 - Improper Neutralization of Delimiters
Affected products
Product Identifier Version Remediation
Unresolved product id: Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src
Vendor Fix fix
Unresolved product id: Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64
Vendor Fix fix
Threats
Impact Important

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code.

CWE-94 - Improper Control of Generation of Code ('Code Injection')
Affected products
Product Identifier Version Remediation
Unresolved product id: Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src
Vendor Fix fix
Workaround
Unresolved product id: Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64
Vendor Fix fix
Workaround
Threats
Impact Important

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security advisory update for rh-podman-desktop is now available for Red Hat Enterprise Linux 10.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat build of Podman Desktop is a graphical tool for managing containers using Podman. It allows users to run, manage, and configure containers and container images using a desktop GUI.\n\nMost notable CVE and Bug Fix(es) and Enhancement(s):\n\n* Issues for CVE fix 1.1.1 (JIRA:RHDESK-595) \n* Fix for RHDESK-529, RHDESK-530, RHDESK-531 - \"fast-uri: Path traversal vulnerability allows bypass of security policies (CVE-2026-6321)\"\n* Fix for RHDESK-611 - \"protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors (CVE-2026-44293)\"\n * Fix for RHDESK-640 - \"fast-uri: URI authority bypass due to improper delimiter handling (CVE-2026-6322)\"",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:37385",
        "url": "https://access.redhat.com/errata/RHSA-2026:37385"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "RHEL-182245",
        "url": "https://issues.redhat.com/browse/RHEL-182245"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_37385.json"
      }
    ],
    "title": "Red Hat Security Advisory: rh-podman-desktop security advisory update",
    "tracking": {
      "current_release_date": "2026-07-09T18:00:56+00:00",
      "generator": {
        "date": "2026-07-09T18:00:56+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.2"
        }
      },
      "id": "RHSA-2026:37385",
      "initial_release_date": "2026-07-09T14:49:43+00:00",
      "revision_history": [
        {
          "date": "2026-07-09T14:49:43+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-07-09T14:49:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-09T18:00:56+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Extensions Channel (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux Extensions Channel (v. 10)",
                  "product_id": "Extensions-10.2.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-podman-desktop-0:1.1.1-1.el10_2.src",
                "product": {
                  "name": "rh-podman-desktop-0:1.1.1-1.el10_2.src",
                  "product_id": "rh-podman-desktop-0:1.1.1-1.el10_2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-podman-desktop@1.1.1-1.el10_2?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-podman-desktop-0:1.1.1-1.el10_2.x86_64",
                "product": {
                  "name": "rh-podman-desktop-0:1.1.1-1.el10_2.x86_64",
                  "product_id": "rh-podman-desktop-0:1.1.1-1.el10_2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/rh-podman-desktop@1.1.1-1.el10_2?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-podman-desktop-0:1.1.1-1.el10_2.src as a component of Red Hat Enterprise Linux Extensions Channel (v. 10)",
          "product_id": "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src"
        },
        "product_reference": "rh-podman-desktop-0:1.1.1-1.el10_2.src",
        "relates_to_product_reference": "Extensions-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-podman-desktop-0:1.1.1-1.el10_2.x86_64 as a component of Red Hat Enterprise Linux Extensions Channel (v. 10)",
          "product_id": "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
        },
        "product_reference": "rh-podman-desktop-0:1.1.1-1.el10_2.x86_64",
        "relates_to_product_reference": "Extensions-10.2.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-6321",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2026-05-04T20:01:14.938426+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
          "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "https://cna.openjsf.org/security-advisories.html",
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
        }
      ],
      "release_date": "2026-05-04T19:31:57.253000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:49:43+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37385"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
    },
    {
      "cve": "CVE-2026-6322",
      "cwe": {
        "id": "CWE-140",
        "name": "Improper Neutralization of Delimiters"
      },
      "discovery_date": "2026-05-05T11:01:00.332189+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466684"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Important flaw in the `fast-uri` library allows an attacker to bypass security controls in Red Hat products that process Uniform Resource Identifiers (URIs). By crafting a malicious URI with percent-encoded authority delimiters, an attacker can cause the library to incorrectly interpret the URI\u0027s authority, potentially redirecting applications to an unintended domain. This could lead to a bypass of host allowlist checks, redirect validation, or outbound request routing.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
          "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-6322"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466684",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
        },
        {
          "category": "external",
          "summary": "https://cna.openjsf.org/security-advisories.html",
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
        }
      ],
      "release_date": "2026-05-05T10:29:16.378000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:49:43+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37385"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
    },
    {
      "cve": "CVE-2026-44293",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2026-05-13T16:03:50.961609+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477104"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important flaw affecting Red Hat products that incorporate the protobufjs library. protobufjs is vulnerable to arbitrary code execution when compiling protobuf definitions into JavaScript. During generation of the toObject conversion function, a schema-controlled default value on a bytes field that is not a string can be emitted as unsafe JavaScript code. An attacker who can supply or influence the protobuf descriptor processed by the application (low privileges required) may achieve code execution in the Node.js process context. Fixed upstream in protobufjs 7.5.6 and 8.0.2. Affects Red Hat offerings that bundle protobufjs and process attacker-influenced protobuf schemas at runtime.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
          "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44293"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477104",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477104"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44293"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293"
        },
        {
          "category": "external",
          "summary": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm",
          "url": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm"
        }
      ],
      "release_date": "2026-05-13T14:43:33.342000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-09T14:49:43+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:37385"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.src",
            "Extensions-10.2.Z:rh-podman-desktop-0:1.1.1-1.el10_2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…