Node.js prototype pollution is bad for your app environment
Back in March, security researchers reported a critical command injection vulnerability in Parse Server, an open-source backend for Node.js environments.
The boffins who identified the Parse Server flaw – Mikhail Shcherbakov and Musard Balliu, from KTH Royal Institute of Technology, and Cristian-Alexandru Staicu, from CISPA Helmholtz Center for Information Security – did so by creating a framework for detecting prototype pollution through a combination of static and dynamic analysis, described in a paper titled "Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js."
"The vulnerability is rooted in the permissive nature of the language, which allows the mutation of an important built-in object in the global scope – Object.prototype – called the root prototype," the Silent Spring paper explains. "JavaScript’s prototype-based inheritance enables accessing this important object through the prototype chain."