Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Node.js supported encodings

node - Node.js JavaScript runtime :sparkles::turtle::rocket::sparkles: (more…)

Guide to Running Node Apps on Amazon ECS

Amazon ECS ventures into the wonderful world of containers, specifically for running containerised apps on Amazon EC2. Given a cluster of instances, you can have ECS run and manage the containers on those instances. Since building the ECS launch demo for ... (more…)

Multi-core Reed-Solomon erasure coding for Node

reed-solomon - Reed-Solomon erasure coding in pure Javascript with an optional C++ binding for multi-core throughput.

Node.js Forked Again Over Complaints of Unresponsive Leadership

The codebase for popular Node.js JavaScript runtime has been forked again — the second time in less than three years — with a growing number of contributors charging that the Technical Steering Committee (TSC) leadership is ignoring repeated violations o... (more…)

Scaffolding a Node.js GraphQL API Server

Recently, I’ve been working on a new full-stack project and I wanted to take the opportunity to try my hand at creating a GraphQL API. I… (more…)

Latest News

Reactive Rabbit Consumer in Java

Python program that summarizes the shape of a data structure

Pika – The JavaScript package registry for the modern web