
July 2023

Code Intelligence Finds New Vulnerability in protobufjs: CVE-2023-36665

As part of its ongoing efforts to improve the security of open-source software, Code Intelligence continuously tests open-source projects with its JavaScript fuzzing engine, Jazzer.js, in Google's OSS-Fuzz. Recently, Code Intelligence uncovered a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665) using its newly integrated Prototype Pollution bug detector. The vulnerability puts affected applications at risk of remote code execution and denial of service attacks.

26 AI Code Tools in 2024: Best AI Coding Assistant

Generative AI unleashed a whole series of new innovations and tools to the masses in 2023. From AI chatbots to image generators to AI coding assistants, there is just so much to consider, and there are more and more being launched every day. In this guide, we will look at how AI is changing the world of software development by showcasing 26 AI coding tools that are helping developers produce high-quality software more efficiently.

Consolidation: The wave of the (AST) future

Reducing complexity and providing insight into software risk, consolidation is the wave of the application security testing future. As the convergence of economic and practical factors increases pressure on organizations to streamline their application security (AppSec) initiatives, consolidation is emerging as a practical solution.

New Vulnerability in protobuf.js: Prototype Pollution - CVE-2023-36665

We have found a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665). The maintainer of protobufjs has issued an update that fixed the issue on 27 June 2023. The vulnerability was discovered by Peter Samarin using Jazzer.js with our newly integrated Prototype Pollution bug detector. This finding emerged in part from our collaboration with Google's OSS-Fuzz and puts affected applications at risk of remote code execution and denial of service attacks.