Critical RCE in protobuf.js (GHSA-xq3m-2v4x-88gg) via Unsafe

A critical remote code execution vulnerability in protobuf.js, one of the most widely used JavaScript serialization libraries with approximately 50 million weekly npm downloads, allows attackers to run arbitrary code by supplying malicious data schemas. Any Node.js application that accepts Protocol Buffer schema definitions from untrusted sources (APIs, user input, third-party integrations) is at risk. A public proof-of-concept exploit is available, meaning exploitation requires minimal expertise; organizations should treat this as an active threat requiring immediate action.

Author

Critical RCE in protobuf.js (GHSA-xq3m-2v4x-88gg) via Unsafe Function() Constructor, Public PoC Available

Executive Summary

Impact Assessment

Exposure Analysis

Are You Exposed?

Business Context

Business Impact

You Are Affected If

Board Talking Points

Technical Analysis

Action Checklist IR ENRICHED

Recovery Guidance

Key Forensic Artifacts

Detection Guidance

Platform Playbooks

MITRE ATT&CK Hunting Queries (2)

Compliance Framework Mappings

MITRE ATT&CK Mapping

Sources (5)

Gallery

Contacts

Tech Jacks Solutions

Services

Learn

Company