URL Regex Validation: what can go wrong?
Are you using regex to validate URLs? Learn from a CVE identified in the node-forge npm package that was using a regex pattern to validate URLs and resulted in a security vulnerability.
Tag: vulnerability
Uncovering a Prototype Pollution Regression in the core Node.js project
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!
Disclosing code injection vulnerabilities in safe-eval-2 npm package
A project fork is not without risks, and this time it's the safe-eval-2 npm package that is vulnerable to code injection attacks.