WRITEUP #1954

Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js

RCE, Prototype pollution, DoS
by Mikhail Shcherbakov
Program
Rocket.Chat, NPM CLI, Parse Server, Node.js
Published
Nov 11, 2022
Added to HackDex
Nov 11, 2022
Read Full Writeup: https://www.usenix.org/system/files/sec23summer_432-shcherbakov-prepub.pdf
RELATED WRITEUPS
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Cloud, RCE
Vulnerabilities in Open Source C2 Frameworks
RCE, OS command injection
[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package
RCE, Dependency confusion
Attacking PowerShell CLIXML Deserialization
Deserialization, Insecure deserialization
Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS
RCE, Arbitrary file write
