News

Application security news, updated daily (if there is any news to share).

protobufjs patches schema-driven code generation RCE

Endor Labs disclosed a critical protobufjs code-generation flaw enabling remote JavaScript execution when apps decode attacker-controlled protobuf schemas, affecting `protobufjs` <=8.0.0 and <=7.5.4.

NewsJavaScriptRCE

2 minYesterday

Loading news…

Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.