Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into the unserialize() function in the node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript object with an Immediately Invoked Function Expression (IIFE). The Bug During a Node.

Similar

Make Node.js Core Bigger

Node.js currently has the smallest standard library of any comparable platform. Combined with great ecosystem tooling like npm, this approach has been a huge success. This success has created a…

Sending tuples from Node to Rust and back

This week in Fluvio, I want to talk about an interesting problem I encountered while implementing a Batch Producer API for the Fluvio client. As part of our feature development process, we update each of our language clients with new APIs for interacting ...