Medium severity5.5NVD Advisory· Published Jun 7, 2018· Updated Jun 17, 2026
CVE-2018-3738
CVE-2018-3738
Description
protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
protobufjsnpm | >= 6.0.0, < 6.8.6 | 6.8.6 |
protobufjsnpm | < 5.0.3 | 5.0.3 |
Affected products
2- HackerOne/protobufjs node modulev5Range: Versions up to and including 6.8.5
Patches
Vulnerability mechanics
References
5- hackerone.com/reports/319576nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-762f-c2wg-m8c8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3738ghsaADVISORY
- github.com/dcodeIO/protobuf.js/blob/6.8.5/src/parse.jsghsaWEB
- www.npmjs.com/advisories/605ghsaWEB
News mentions
0No linked articles in our index yet.