Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into the unserialize() function in the node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript object with an immediately invoked function expression (IIFE). The Bug During a Node.
