com.google.protobuf:protobuf-java (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.google.protobuf:protobuf-java, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2021-22569 — CVSS 7.5 (high): An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out…
CVE-2022-3509 — CVSS 7.5 (high): A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and…
CVE-2022-3510 — CVSS 7.5 (high): A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3…
CVE-2024-7254 — CVSS 7.5 (high): Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can…
CVE-2021-22570 — CVSS 6.5 (medium): Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the…
CVE-2022-3171 — CVSS 4.3 (medium): A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of…