Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-rb39-w8y8-gqck
Summaryprotobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON() and Namespace.addJSON(). A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. This vulnerability is fixed in 7.5.8 and 8.2.0.
Aliases
0
alias CVE-2026-45740
1
alias GHSA-jggg-4jg4-v7c6
Fixed_packages
0
url pkg:npm/protobufjs@7.5.8
purl pkg:npm/protobufjs@7.5.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.8
1
url pkg:npm/protobufjs@8.2.0
purl pkg:npm/protobufjs@8.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.2.0
Affected_packages
0
url pkg:npm/protobufjs@7.5.7
purl pkg:npm/protobufjs@7.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rb39-w8y8-gqck
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.7
1
url pkg:npm/protobufjs@8.0.0
purl pkg:npm/protobufjs@8.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6nmq-6d5d-4udh
1
vulnerability VCID-a74m-ddhb-7bgs
2
vulnerability VCID-agcx-f3qr-8fce
3
vulnerability VCID-cset-c4xv-sfdk
4
vulnerability VCID-jpgw-z2qb-47hp
5
vulnerability VCID-rb39-w8y8-gqck
6
vulnerability VCID-sbyg-dk24-2kb9
7
vulnerability VCID-v9xz-hqym-nffk
8
vulnerability VCID-xgad-rzs5-4fan
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45740
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18748
published_at 2026-06-12T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18766
published_at 2026-06-13T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18586
published_at 2026-06-11T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20213
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45740
1
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45740
reference_id CVE-2026-45740
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45740
3
reference_url https://github.com/advisories/GHSA-jggg-4jg4-v7c6
reference_id GHSA-jggg-4jg4-v7c6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jggg-4jg4-v7c6
4
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6
reference_id GHSA-jggg-4jg4-v7c6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:14:53Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6
Weaknesses
0
cwe_id 674
name Uncontrolled Recursion
description The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-rb39-w8y8-gqck