Uncovering a Prototype Pollution Regression in the core Node.js project
Learn how I discovered a Node.js core prototype pollution regression, its security implications, and why it didn't warrant a CVE. Luckily, I also fixed it for us!
Articles tagged for: vulnerability
Disclosing code injection vulnerabilities in safe-eval-2 npm package
A project fork is not without risks, and this time it's the safe-eval-2 npm package that is vulnerable to code injection attacks.