Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js. (arXiv:2207.11171v1 [cs.CR])
July 25, 2022, 1:20 a.m. | Mikhail Shcherbakov (1), Musard Balliu (1), Cristian-Alexandru Staicu (2) ((1) KTH Royal Institute of Technology, (2) CISPA Helmholtz Center for Infor
cs.CR updates on arXiv.org arxiv.org
Prototype pollution is a dangerous vulnerability affecting prototype-based
languages like JavaScript and the Node.js platform. It refers to the ability of
an attacker to inject properties into an object's root prototype at runtime and
subsequently trigger the execution of legitimate code gadgets that access these
properties on the object's prototype, leading to attacks such as DoS, privilege
escalation, and remote code execution (RCE). While there is anecdotal evidence
that prototype pollution leads to RCE, current research does not tackle the …
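The mechanism the abstract describes, shown as an added example that is not taken from the paper or from this page: a recursive merge pollutes `Object.prototype` from attacker-controlled JSON, a gadget then reads the inherited property, and a hardened merge and a hardened gadget show the two mitigations. All function names (`unsafeMerge`, `safeMerge`, `canDelete`, `canDeleteHardened`, `demo`) and the JSON input are assumptions constructed for illustration.

```javascript
// Added example: all names and the JSON input are constructed for illustration.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const isObject = (v) => v !== null && typeof v === 'object';

// Vulnerable: follows every key, so "__proto__" walks into Object.prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObject(source[key])) {
      if (!isObject(target[key])) target[key] = {};
      unsafeMerge(target[key], source[key]);
    } else target[key] = source[key];
  }
  return target;
}

// Hardened: skips prototype-reaching keys and only descends into own properties.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    if (isObject(source[key])) {
      if (!hasOwn(target, key) || !isObject(target[key])) target[key] = {};
      safeMerge(target[key], source[key]);
    } else target[key] = source[key];
  }
  return target;
}

// Gadget: legitimate code reading a property it expects to be absent by default.
const canDelete = (user) => user.isAdmin === true;
// Same check, restricted to the object's own properties.
const canDeleteHardened = (user) => hasOwn(user, 'isAdmin') && user.isAdmin === true;

function demo() {
  const input = JSON.parse('{"theme":"dark","__proto__":{"isAdmin":true}}');
  const guest = { name: 'guest' }; // unrelated object, never merged
  const out = {};
  try {
    safeMerge({}, input);
    out.afterSafeMerge = canDelete(guest);
    unsafeMerge({}, input);
    out.afterUnsafeMerge = canDelete(guest);
    out.hardenedGadget = canDeleteHardened(guest);
  } finally {
    delete Object.prototype.isAdmin; // undo the pollution for the rest of the process
  }
  return out;
}
console.log(demo());
```

The unrelated `guest` object gains `isAdmin` only after the unsafe merge, which is why both the merge and the property read are places to apply a fix.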