Exploiting Node.js Deserialization Bug for Remote Code Execution – Full-Stack Feed

Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

A 7KB AWS lambda Node.js library with zero runtime dependencies

Writing an API which will return a JSON and logging things like APIGatewayID and CloudWatchID, blahblah... (more…)

Read more »

N – Interactively Manage Your Node.js Versions

We recommend upgrading to the latest Safari, Google Chrome, or Firefox. (more…)

Read more »

Hello, Certified Modules – The Future of Trust in Node.js Dependencies

Today, we're happy to announce that you can start using NodeSource Certified Modules to secure your Node.js applications. (more…)

Read more »

The First Object Database for Node: Introducing Realm Node.js

Today, we’re announcing something completely different: Realm Node.js.

Read more »

19 things I learnt reading the Node.js docs

I’d like to think I know Node pretty well. I haven’t written a web site that doesn’t use it for about 3 years now. But I’ve never actually…

Read more »