Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function  in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Similar

Node v8.5.0

Windows 32-bit Installer: https://nodejs.org/dist/v8.5.0/node-v8.5.0-x86.msi Windows 64-bit Installer: https://nodejs.org/dist/v8.5.0/node-v8.5.0-x64.msi Windows 32-bit Binary: https://nodejs.org/dist/v8.5.0/win-x86/node.exe Windows 64-bit Binary: https:/... (more…)

Read more »