Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Make Node.js Core Bigger

Node.js currently has the smallest standard library of any comparable platform. Combined with great ecosystem tooling like npm this approach has been a huge success. This success has created a…...

Node.js Microservices with Stdlib

We learn how to create a Node.js microservice using the stdlb platform. This microservice enables us to retrieve the name of a city based on GPS coordinates.

Sending tuples from Node to Rust and back

This week in Fluvio, I want to talk about an interesting problem I encountered while implementing a Batch Producer API for the Fluvio client. As part of our feature development process, we update each of our language clients with new APIs for interacting ... (more…)

How Cars.com Developer Mac Heller-Ogden Convinced His Bosses to Adopt Node.js

Top software development companies vetted by Modern Web... (more…)

Wrestling with Variation in Advanced Node Designs

Margin is no longer effective, so now the problem has to be solved on the design side. (more…)

Latest News

Overhead of Returning Optional Values in Java and Rust

We halved the publish size of modular AWS SDK for JavaScript clients

Making slow Rust code fast