Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Study: 97% of Node.js Projects Use Package Containing Npm Creator’s Shopping List

CAMBRIDGE - In a press conference today, MIT researchers unveiled their discovery from an exhaustive analysis of the entire NodeJS package manager (npm) repository: nearly every package in existence has a direct or indirect dependency on "shopping-list", ... (more…)

Node.js Express api development security checklist

A checklist for developing secure apis using the express framework for Node.js. (more…)

Node.js Clusters and Websockets

ClusterWS - is a minimal Node JS http & real-time framework which allows to scale WebSocket (uWS - one of the fastest WebSocket libraries) between Node JS Clusters and utilize all available CPU. (more…)

Propublica: Facebook Political Ad Collector (Node.js, Rust)

facebook-political-ads - Monitoring Facebook Political Ads... (more…)

Thmclrx: a theme color extractor module for Node.js based on Byakuren

thmclrx - :art: A theme color extractor module for Node.js. (more…)

Latest News

Health Care Is Hemorrhaging Data. AI Is Here to Help

Introducing bitlib-rs for Rust and Cairo

HUI.js – JavaScript Front End UI Library in 657 Bytes