CVE-2023-36665
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-36665
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
protobuf.js 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
protobuf.js是protobufjs的一个纯 JavaScript 实现,具有对node.js和浏览器的TypeScript支持的协议缓冲区实现。它易于使用,速度极快,并且通过.proto文件可以开箱即用! protobuf.js 6.10.0版本至7.2.4之前版本存在安全漏洞,该漏洞源于存在原型污染,攻击者可以使用用户控制的protobuf消息通过添加和覆盖其数据和函数来污染原型。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2023-36665
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-36665
请登录查看更多情报信息。
Patches & Fixes for CVE-2023-36665 (2)
Vendor Advisories for CVE-2023-36665 (1)
Security Blog Posts for CVE-2023-36665 (1)
Other References for CVE-2023-36665 (2)
Same Patch Batch · n/a · 2023-07-05 · 21 CVEs total
| CVE-2023-3089 | 7.0 HIGH | Ocp & fips mode |
| CVE-2023-33335 | Sophos iView 跨站脚本漏洞 | |
| CVE-2023-27197 | PAX Technology A930 安全漏洞 | |
| CVE-2023-27198 | PAX Technology A930 操作系统命令注入漏洞 | |
| CVE-2023-27199 | PAX Technology A930 安全漏洞 | |
| CVE-2023-34654 | taoCMS 跨站脚本漏洞 | |
| CVE-2023-36622 | Loxone Miniserver 操作系统命令注入漏洞 | |
| CVE-2023-36623 | Loxone Miniserver 信任管理问题漏洞 | |
| CVE-2023-36624 | Loxone Miniserver 安全漏洞 | |
| CVE-2023-30207 | Kodi Home Theater Software 数字错误漏洞 | |
| CVE-2020-23452 | Selenium Grid 跨站脚本漏洞 | |
| CVE-2023-35863 | MADEFORNET HTTP Debugger 竞争条件问题漏洞 | |
| CVE-2023-36932 | Progress Software MOVEit Transfer SQL注入漏洞 | |
| CVE-2023-36933 | Progress Software MOVEit Transfer 安全漏洞 | |
| CVE-2023-36934 | Progress Software MOVEit Transfer SQL注入漏洞 | |
| CVE-2020-25969 | gnuplot 安全漏洞 | |
| CVE-2023-25399 | SciPy 安全漏洞 | |
| CVE-2023-35786 | ZOHO ManageEngine ADManager Plus 代码问题漏洞 | |
| CVE-2022-42175 | SolusVM-WHMCS-Module 安全漏洞 | |
| CVE-2023-33201 | Bouncy Castle 信任管理问题漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2023-36665
No comments yet