Six Proto6 Flaws Hit protobuf.js Node.js Apps

Six vulnerabilities named Proto6 were found in protobuf.js, a JavaScript and TypeScript Protocol Buffers implementation. The flaws can lead to remote code execution and denial-of-service attacks in Node.js applications. Cyera researcher Assaf Morag reported that the issues stem from the library treating schema and metadata as trusted by default.