Prototype pollution bug in popular Node.js library leaves web apps open to abuse

Discussion in 'other security issues & news' started by mood, Aug 3, 2020.

  1. mood

    mood Updates Team

    Joined: Oct 27, 2012
    Posts: 36,391
    Prototype pollution bug in popular Node.js library leaves web apps open to DoS, remote shell attacks
    Package has been downloaded seven million times, but project maintainer believes most users are unaffected
    August 3, 2020

    https://portswigger.net/daily-swig/...ves-web-apps-open-to-dos-remote-shell-attacks
     
  2. mood

    mood Updates Team

    NodeJS module downloaded 7M times lets hackers inject code
    August 4, 2020
    https://www.bleepingcomputer.com/ne...downloaded-7m-times-lets-hackers-inject-code/
     
  3. mood

    mood Updates Team

    Node.js applications open to prototype pollution attacks via legacy function in popular encryption library
    Dangerous bug could allow attackers to manipulate the behavior of an application by modifying its runtime
    September 21, 2020

    https://portswigger.net/daily-swig/...legacy-function-in-popular-encryption-library
     