Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Streaming SQL in Node.js

Sometimes you need a way to look at every row in a database table, and perform some operation on it. (more…)

The next major release of Node.js brings a range of significant changes and additions, far too many for us to cover adequately in a blog post such as this. This article contains a summary of the most significant changes and features. (more…)

Node.js – v14.13.1

Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine. (more…)

Fast Node.js image resizer

sharp - High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP and TIFF images. Uses the libvips library. (more…)

The 10000 Node Cluster

Update: there’s a podcast episode about this The year is 2021. As the world is still deeply affected by the COVID-19 pandemic, the United Nations have decided that in order to prevent ... (more…)

Latest News

Learn Python, Easy to learn, way to get started

How to Fold a Julia Fractal – A tale of numbers that like to turn

The values of Emacs, the Neovim revolution, and the VSCode gorilla