Silent spring: Prototype pollution leads to remote code execution in Node.js

M Shcherbakov, M Balliu, CA Staicu - 32nd USENIX Security Symposium …, 2023 - usenix.org
Prototype pollution is a dangerous vulnerability affecting prototype-based languages like
JavaScript and the Node.js platform. It refers to the ability of an attacker to inject properties …

Detecting node.js prototype pollution vulnerabilities via object lookup analysis

S Li, M Kang, J Hou, Y Cao - Proceedings of the 29th ACM Joint Meeting …, 2021 - dl.acm.org
Prototype pollution is a type of vulnerability specific to prototype-based languages, such as
JavaScript, which allows an adversary to pollute a base object's property, leading to a further …

Mining node.js vulnerabilities via object dependence graph and query

S Li, M Kang, J Hou, Y Cao - 31st USENIX Security Symposium …, 2022 - usenix.org
Node.js is a popular non-browser JavaScript platform that provides useful but sometimes
also vulnerable packages. On one hand, prior works have proposed many program analysis …

Scaling javascript abstract interpretation to detect and exploit node.js taint-style vulnerability

M Kang, Y Xu, S Li, R Gjomemo, J Hou… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Taint-style vulnerabilities, such as OS command injection and path traversal, are common
and severe software weaknesses. There exists an inherent trade-off between analysis …

Probe the Proto: Measuring Client-Side Prototype Pollution Vulnerabilities of One Million Real-world Websites.

Z Kang, S Li, Y Cao - NDSS, 2022 - yinzhicao.org
Prototype pollution is a relatively new type of JavaScript vulnerabilities, which allows an
adversary to inject a property into a prototypical object, such as Object.prototype. The …

Nodemedic: End-to-end analysis of node.js vulnerabilities with provenance graphs

D Cassel, WT Wong, L Jia - 2023 IEEE 8th European …, 2023 - ieeexplore.ieee.org
Packages in the Node.js ecosystem often suffer from serious vulnerabilities such as
arbitrary command injection and code execution. Existing taint analysis tools fall short in …

Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node.js Packages

T Brito, M Ferreira, M Monteiro, P Lopes… - IEEE Transactions …, 2023 - ieeexplore.ieee.org
With the emergence of the Node.js ecosystem, JavaScript has become a widely used
programming language for implementing server-side web applications. In this article, we …

Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences

Z Liu, K An, Y Cao - 2024 IEEE Symposium on Security and Privacy …, 2024 - computer.org
Prototype pollution is a type of recently-discovered, impactful vulnerability that affects
JavaScript code. One important yet challenging research problem of prototype pollution is …

On detecting and measuring exploitable JavaScript functions in real-world applications

M Kluban, M Mannan, A Youssef - ACM Transactions on Privacy and …, 2024 - dl.acm.org
JavaScript is often rated as the most popular programming language for the development of
both client-side and server-side applications. Because of its popularity, JavaScript has …

Detecting prototype pollution for node.js: Vulnerability review and new fuzzing inputs

P Zhou, Y Gao - Computers & Security, 2024 - Elsevier
Prototype pollution is a unique vulnerability originating from the JavaScript languages and
has been found widely prevalent across the modern Node.js ecosystem. To detect this kind …