Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into the unserialize() function in the node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript object with an immediately invoked function expression (IIFE). The Bug During a Node.

Similar

Using the GitHub GraphQL API with Node.js

As of API v4, GitHub is using GraphQL as a query language for its API. This gives users more power and flexibility to ask for exactly what they need from the API (it also gives you more public data compared to API v3, such as closed issues count).