Prototype pollution bug in popular Node.js library leaves web apps open to abuse

Discussion in 'other security issues & news' started by guest, Aug 3, 2020.

  1. guest

    guest Guest

    Prototype pollution bug in popular Node.js library leaves web apps open to DoS, remote shell attacks
    Package has been downloaded seven million times, but project maintainer believes most users are unaffected
    August 3, 2020

    https://portswigger.net/daily-swig/...ves-web-apps-open-to-dos-remote-shell-attacks
     
  2. guest

    guest Guest

    NodeJS module downloaded 7M times lets hackers inject code
    August 4, 2020
    https://www.bleepingcomputer.com/ne...downloaded-7m-times-lets-hackers-inject-code/
     
  3. guest

    guest Guest

    Node.js applications open to prototype pollution attacks via legacy function in popular encryption library
    Dangerous bug could allow attackers to manipulate the behavior of an application by modifying its runtime
    September 21, 2020

    https://portswigger.net/daily-swig/...legacy-function-in-popular-encryption-library
     
  4. guest

    guest Guest

    Node.js prototype pollution is bad for your app environment
    Boffins find common code constructs that may be exploitable to achieve remote code execution
    July 25, 2022
     