Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function  in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Similar

Guide to Running Node Apps on Amazon ECS

Amazon ECS ventures into the wonderful world of containers, specifically for running containerised apps on Amazon EC2. Given a cluster of instances, you can have ECS run and manage the containers on those instances. Since building the ECS launch demo for ... (more…)

Read more »