Go modules package
google.golang.org/protobuf
pkg:golang/google.golang.org/protobuf
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-24786 | Hig | 7.5 | < 1.33.0 | 1.33.0 | Mar 5, 2024 | The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set. | |
| CVE-2023-24535 | — | >= 1.29.0, < 1.29.1 | 1.29.1 | Jun 8, 2023 | Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic. |
- affected < 1.33.0fixed 1.33.0
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
- CVE-2023-24535Jun 8, 2023affected >= 1.29.0, < 1.29.1fixed 1.29.1
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.