Proto6: six protobuf.js vulnerabilities enable RCE and DoS in Node.js

Colleagues, please note: six Proto6 vulnerabilities in protobuf.js have been discovered, enabling remote code execution and denial of service.
— Reported by Cyera: issues stem from trusting schemas; primary risks are RCE via prototype pollution and data leaks/DoS.
— Many Node.js services, Google Cloud SDK, messaging frameworks and CI/CD are affected. Vulnerable versions: protobuf.js

