Tag

Code-Generation

2 briefs RSS

protobuf.js Prototype Pollution Leads to Code Generation Gadget

protobufjs versions 7.5.5 and earlier, as well as versions 8.0.0 through 8.0.1, are vulnerable to arbitrary JavaScript execution if Object.prototype has been polluted, allowing attackers to influence generated encode/decode functions.

protobufjs +1 prototype-pollution code-generation javascript

2r May 12, 2026

high advisory

Babel Plugin Vulnerability Leads to Arbitrary Code Execution via Malicious Input

2 rules 1 TTP

A maliciously crafted input to Babel's `@babel/plugin-transform-modules-systemjs` or `@babel/preset-env` with `modules: 'systemjs'` can cause the tool to generate arbitrary code execution.

@babel/plugin-transform-modules-systemjs +1 code-generation arbitrary-code-execution babel

2r 1t May 8, 2026