Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Node.js – v16.11.0

Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine. (more…)

How to Set Up a Node.js App for Production on Ubuntu 16.04

Node.js is an open source JavaScript runtime environment for easily building server-side and networking applications. Node.js applications can be run at the command line but this guide focuses on running them as a service using PM2, so that they will... (more…)

Build and Deploy a Rest API Using Serverless, Express, and Node.js

Learn how to use the popular Express.js framework to deploy a REST API with Serverless, DynamoDB and API Gateway. Learn how to use the popular Node web framework Express.js to deploy a Serverless REST API. (more…)

Useful tools for your Node.js projects – 2018 edition

Back in the summer of 2015 we wrote a post on some useful tools that we were using in our Node.js projects. It’s proven to be a popular… (more…)

Node.js vs. Deno: Which Is Better for Your Next Back End Project?

Node.js vs. Deno: Unraveling the Battle of JavaScript Runtimes to Determine the Ultimate Champion of Server-Side Development and Innovation! (more…)

Latest News

Workers could be the ones to regulate AI

Quality of JavaScript and TypeScript Applications on GitHub

Sob story about dead grandma tricks Microsoft AI into solving CAPTCHA