Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into the unserialize() function in the node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript object with an immediately invoked function expression (IIFE). The Bug During a Node.

Similar

How to get HTTPs started with Node.js

If you search for the word ‘HTTPS’ on Medium (yes, this platform!), you will be blown away by the response. Articles here range from The list goes on. Let me remind you, this is just Medium, a simple…

Interview with Ryan Dahl, Creator of Node.js

Ryan Dahl is a Software Engineer working at Google Brain. He is the creator of Node.js, the JavaScript runtime built on Chrome’s V8 JavaScript engine. Currently, he is working on deep learning research projects. His focus is mostly on image-to-image...
