Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Node.js 8.0.0 will ship on or around May 30th

This post is brought to you by Myles Borins who is a @nodejs ctc member / developer advocate for @googlecloud. Now with that background… (more…)

Debugging in 2017 with Node.js

We're gonna takealigg---a little look at these topics: * 1:43 Debugging basics (--inspect) and Chrome DevTools integration * 4:17 Chrome DevTools demo * 8:46... (more…)

Chrome Canary gets an integrated Node.js debugger

Chrome DevTools - A New and Improved Workflow for Debugging a Node.js Webapp - Subscribe to Dev Tips to get these in your inbox...

Mutual authentication with Node.js: tls, https, wss

concepts-language - Learn the concepts of Asm,C,Cc,Java,Js,Python daily notes... (more…)

Add util.promisify() to Node.js 8.x core

See nodejs/CTC#12 for discussion/background. I would say that that thread is a better place for general discussion, and I prefer it if comments here would be kept to what is directly relevant for t... (more…)

Latest News

Java Developer RoadMap

The Economics of AI Today

If you’re in the East, please consider Rust