Code Intelligence Finds New Vulnerability in protobufjs: CVE-2023-36665

Code Intelligence Finds New Vulnerability in protobufjs: CVE-2023-36665

Bonn, Germany, February 08, 2023 - As part of Code Intelligence’s ongoing efforts to improve the security of open-source software it continuously tests open-source projects with its JavaScript fuzzing engine, Jazzer.js, in Google’s OSS-Fuzz. Recently Code Intelligence uncovered a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665) using its newly integrated Prototype Pollution bug detector. The vulnerability puts affected applications at risks of remote code execution and denial of service attacks. The maintainer of protobufjs has issued an update to fix the vulnerability. The CVE has a CVSS score of 9.8

More details on the vulnerability, along with affected versions and mitigation steps, can be found in Code Intelligence’s blog on the topic. 

Embedded Blog Thumbnails (17) (1)

About Code Intelligence:

Founded in 2018 by Sergej Dechand, Khaled Yakdan, and Matthew Smith, Code Intelligence offers an automated software security platform that helps developers ship more secure code. The startup strongly focuses on securing memory-safe languages widely used in the industry. To this end, it develops and maintains the leading fuzzing engines for Java and JavaScript. It also contributed several improvements to fuzzing in Golang, which have been integrated into the language, benefiting all Go developers. Code Intelligence is trusted by Google, Deutsche TelekomBosch, and CARIAD, amongst others.

Media Kit


Media Contact