Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Elegant IoC container for Node.js

epoxy - Elegant, seamless dependency injection container for node.js... (more…)

Node.js: server.close() and keep-alive done right at socket level

server.close() and keep-alive done right at socket level - LuKks/like-server... (more…)

Node v12.22.0 (LTS)

Node.js® is a JavaScript runtime built on Chrome's V8 JavaScript engine. (more…)

TDD a MongoDB and Node.js API with Integration Tests

One thing I find to be a time sink when developing NodeJS APIs is just plain ole getting started. There are so many ways to structure a project with Node, many of which are solid. You have to answer questions out of the gate such as: (more…)

Node.js Weekly Update – 17 November, 2017 – RisingStack

The hottest Node.js news of the week: Node v9.2.0 released, tutorials on solving memory leaks & OpenID Connect, & our survey about learning Node.js in 2018! (more…)

Latest News

Picologging – An optimized logging library for Python

Rich-bench: A little benchmarking tool for Python

Svelte Origins: A JavaScript Documentary [video]