Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Node.js: tighter integration with Chrome DevTools

some recent changes to node (7.6.0) make it more convenient to debug your code. most importantly, there is now a –inspect-brk flag which saves you from typing –inspect –debug-brk. that alone will save... (more…)

Deploy your Node.js apps by uploading your project

Generate a package json file in the root directory of your application files. By default, the nodechef platform executes your code using the latest node js version. To specify a different version, use the "engines.node" attribute in the... (more…)

Node.js and PostgreSQL PaaS

NodeChef Node.js and PostgreSQL hosting platform is based on managed containers with integrated Redis add-on, for deploying and running your apps. (more…)

Promise-based middleware for Node.js

This is the journey of creating a simple and powerful server for Node.js.

Build a Node.js Landing Page in 4 Steps

In this blog I will show you how to pick up an existing codebase example to build your very own beautiful Node.js...

Latest News

Inside Microsoft’s AI Comeback

Text to speech in Python

RocketDB is a simple and very fast database npm module for your Node.js app