Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

What’s new in Node 8.0

Create interactive content on any technology and share it with the community... (more…)

2016 – A year in review in the life of a Node.js web developer and book writer

2016 is almost over and I just realised that it has been one of my most productive and exciting years ever. With that in mind I would love to write a recap of all the good and bad things (mostly...

463 bytes micro template engine that works for Node.js and browser

vegito - Simple micro templating with JavaScript expression support. (more…)

Handling the Asynchronous Nature of Node.js: Sample Project

Node.js is built on top of Google's V8 engine, which in turns compiles JavaScript. JavaScript is asynchronous in nature. Asynchronous is a programming pattern which provides the feature of non-blocking code i.e do not stop or do not depend on another func... (more…)

Golang vs. Node.js Comparison: Performance, Speed, Scalability and Other

Before we start our comparison of Node.js vs Golang, let’s get our terminology right. Node.js is a runtime, or environment, for JavaScript code execution, while Golang is a programming language. However, both are used for backend development where Node.js... (more…)

Latest News

Health Care Is Hemorrhaging Data. AI Is Here to Help

Introducing bitlib-rs for Rust and Cairo

HUI.js – JavaScript Front End UI Library in 657 Bytes