GHSA-j452-xhg8-qg39

Source

https://github.com/advisories/GHSA-j452-xhg8-qg39

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-j452-xhg8-qg39/GHSA-j452-xhg8-qg39.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-j452-xhg8-qg39

Aliases

CVE-2026-5758

Downstream

MINI-652x-h5j6-qqxh

Related

CGA-p4pf-w66p-x524

Published

2026-04-15T18:31:58Z

Modified

2026-05-05T20:14:24.935644980Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator

Summary

Mafintosh's protocol-buffers-schema is vulnerable to prototype pollution

Details

JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve remote code execution.

Database specific

{
    "github_reviewed_at": "2026-04-16T21:33:53Z",
    "nvd_published_at": "2026-04-15T18:17:24Z",
    "cwe_ids": [
        "CWE-1321"
    ],
    "severity": "MODERATE",
    "github_reviewed": true
}

References

Affected packages

npm / protocol-buffers-schema

Package

Name: protocol-buffers-schema; View open source insights on deps.dev
Purl: pkg:npm/protocol-buffers-schema

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-j452-xhg8-qg39/GHSA-j452-xhg8-qg39.json"