Prototype pollution bug in popular Node.js library leaves web apps open to DoS, remote shell attacks Package has been downloaded seven million times, but project maintainer believes most users are unaffected August 3, 2020 https://portswigger.net/daily-swig/...ves-web-apps-open-to-dos-remote-shell-attacks
NodeJS module downloaded 7M times lets hackers inject code August 4, 2020 https://www.bleepingcomputer.com/ne...downloaded-7m-times-lets-hackers-inject-code/
Node.js applications open to prototype pollution attacks via legacy function in popular encryption library Dangerous bug could allow attackers to manipulate the behavior of an application by modifying its runtime Septembre 21, 2020 https://portswigger.net/daily-swig/...legacy-function-in-popular-encryption-library
Node.js prototype pollution is bad for your app environment Boffins find common code constructs that may be exploitable to achieve remote code execution July 25, 2022