com.google.protobuf:protobuf-javalite (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package com.google.protobuf:protobuf-javalite, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2022-3509 — CVSS 7.5 (high): A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and…
CVE-2022-3510 — CVSS 7.5 (high): A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3…
CVE-2024-7254 — CVSS 7.5 (high): Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can…
CVE-2022-3171 — CVSS 4.3 (medium): A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of…