Cybersecurity researchers have disclosed six vulnerabilities in protobuf.js — the JavaScript and TypeScript implementation of Google's Protocol Buffers (Protobuf) serialization format — that can be chained or exploited independently to achieve remote code execution (RCE) and denial-of-service (DoS) attacks against applications that process attacker-controlled protobuf data.
The vulnerabilities, collectively dubbed Proto6, affect the widely-used protobufjs npm package and its TypeScript counterpart, which together accumulate tens of millions of downloads per week across the npm ecosystem.
What Is protobuf.js?
Protocol Buffers (Protobuf) is Google's binary serialization format, used extensively in gRPC microservices, API communication, and data storage pipelines. protobuf.js is the de facto JavaScript/TypeScript implementation, enabling Node.js and browser applications to serialize and deserialize Protobuf messages.
The library's wide adoption — particularly in backend Node.js microservices and gRPC-based APIs — makes these vulnerabilities high-impact for organizations running modern cloud-native architectures.
The Proto6 Vulnerabilities
Researchers identified six distinct flaws across different components of the protobuf.js message parsing and decoding pipeline:
| Vulnerability Class | Impact | Trigger |
|---|---|---|
| Prototype Pollution | RCE / Logic bypass | Crafted message field names |
| Type Confusion | RCE / Memory corruption | Malformed bytes or string fields |
| Integer Overflow | DoS / OOB read | Oversized varint encoded values |
| Unsafe eval() Usage | RCE | Dynamic message parsing codepath |
| Unchecked Recursion | DoS (stack overflow) | Deeply nested message structures |
| Schema Injection | RCE | Attacker-controlled .proto schema loading |
Prototype Pollution → RCE
The most severe of the six flaws involves prototype pollution through carefully crafted Protobuf field names. An attacker can embed field names like __proto__ or constructor in a serialized Protobuf message, which — when decoded by the vulnerable library — modifies JavaScript's global object prototype. This can be escalated to RCE by poisoning built-in methods used by the application.
```javascript
// Attacker-crafted protobuf message (conceptual)
// Field name "__proto__.toString" with malicious payload
// → pollutes Object.prototype.toString
// → RCE when application calls toString() in a privileged context
```
Unsafe eval() Codepath
A second RCE vector exists in protobuf.js's dynamic message generation feature, which uses eval() to build optimized decoder functions from schema definitions. When schema content is partially user-influenced (e.g., when loading .proto files from user-supplied paths), this path enables arbitrary code execution.
Recursion DoS
All six flaws include a denial-of-service impact pathway. The unchecked recursion vulnerability is particularly severe: an attacker can craft a Protobuf message containing circular or deeply nested references that cause the decoder to exhaust the Node.js call stack, crashing the process.
Affected Versions
Patches are expected for the protobufjs npm package. Organizations should:
- Check their `package.json` and `package-lock.json` for `protobufjs` as a direct or transitive dependency
- Monitor the protobufjs npm page and GitHub releases for patched versions
- Apply updates as soon as they are available
```shell
# Check if protobufjs is in your dependency tree
npm ls protobufjs
# Or with yarn
yarn list --pattern protobufjs
# Or check for all versions in node_modules
find node_modules -name "package.json" -path "*/protobufjs/*" | xargs grep '"version"'
```
Who Is at Risk?
Any Node.js application that:
- Processes Protobuf messages from untrusted sources (user-submitted data, external API responses, file uploads)
- Uses gRPC with protobuf.js on the server side
- Loads `.proto` schemas dynamically from user-influenced paths
- Has protobufjs in its dependency tree (direct or transitive via gRPC libraries)
Applications that only process Protobuf from fully trusted internal sources have a lower risk profile, but all deployments should patch.
Immediate Mitigation
Until an official patch is available:
- Validate and sanitize all incoming Protobuf data before passing it to the parser
- Avoid loading `.proto` schema files from user-controlled paths
- Disable dynamic message generation if your application can use pre-compiled static decoders
- Monitor for prototype pollution indicators — unexpected modifications to `Object.prototype` or `Function.prototype`
- Implement process-level isolation for services that handle untrusted Protobuf input (containers, separate worker processes with limited privileges)
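As an added example (not code from protobuf.js or from the article), the JavaScript below implements two of the mitigation points above: a pre-use walk over a decoded message object that rejects prototype-reaching keys and nesting beyond a bound (the same bound that limits the nested-message DoS described earlier), and a snapshot-and-compare check that flags new own properties on shared prototypes (it also watches Array.prototype, which goes beyond the two prototypes the list names). All function and constant names are hypothetical.

```javascript
// Added example, not code from protobuf.js or from the article: defensive checks a
// service can run on a decoded message (after converting it to a plain object) before
// using it, plus a drift check on shared prototypes. All names are hypothetical.
const DANGEROUS_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Walk an object tree and report keys that can reach a prototype, and nesting
// deeper than maxDepth (the bound a decoder should enforce against nested-message DoS;
// it also terminates the walk on circular structures). Empty result means it passed.
function findUnsafeKeys(obj, maxDepth = 32) {
  const findings = [];
  const walk = (node, path, depth) => {
    if (node === null || typeof node !== "object") return;
    if (depth > maxDepth) {
      findings.push(`nesting deeper than ${maxDepth} at ${path}`);
      return; // stop descending so one finding is reported per branch
    }
    for (const key of Object.keys(node)) {
      if (DANGEROUS_KEYS.has(key)) findings.push(`dangerous key "${key}" at ${path}`);
      walk(node[key], `${path}.${key}`, depth + 1);
    }
  };
  walk(obj, "$", 0);
  return findings;
}

// Prototype-pollution indicator: record the own property names of shared
// prototypes at startup, then compare later (e.g. on a timer or health check).
const WATCHED = [
  ["Object.prototype", Object.prototype],
  ["Function.prototype", Function.prototype],
  ["Array.prototype", Array.prototype],
];

function snapshotPrototypes() {
  return WATCHED.map(([, proto]) => new Set(Object.getOwnPropertyNames(proto)));
}

// Any own property not present in the snapshot is a new addition to a shared
// prototype and should be alerted on.
function prototypeDrift(snapshot) {
  const drift = [];
  WATCHED.forEach(([name, proto], i) => {
    for (const prop of Object.getOwnPropertyNames(proto)) {
      if (!snapshot[i].has(prop)) drift.push(`${name}.${prop}`);
    }
  });
  return drift;
}
```

Run `findUnsafeKeys` on the object form of each untrusted message before handing it to application logic, and take the prototype snapshot once at process start so later drift reports only what appeared at runtime.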
Broader Supply Chain Context
This disclosure arrives during an ongoing period of heightened npm supply chain scrutiny. protobuf.js is a transitive dependency in hundreds of popular Node.js packages — including widely-used gRPC client libraries — meaning applications that don't directly depend on it may still be affected through indirect dependency chains.
```shell
# Audit your full dependency tree for exposure
npm audit
npx better-npm-audit audit
# For gRPC users, check @grpc/proto-loader which wraps protobufjs
npm ls @grpc/proto-loader
```
Organizations using software composition analysis (SCA) tools like Snyk, Socket, or Dependabot should expect alerts once CVEs are formally assigned to the Proto6 set of vulnerabilities.