silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,210
Read more: Node.js applications open to prototype pollution attacks via legacy function in popular encryption libraryA carryover function in the popular node-forge JavaScript library contains a vulnerability that could allow attackers to carry out prototype pollution attacks against applications, according to an advisory on GitHub.
Node-forge, used by more than 3.5 million repositories, implements various cryptography utilities, the TLS protocol, and tools for developing web applications.
Prototype pollution is a dangerous bug that allows attackers to manipulate the behavior of an application by modifying its code at runtime. It is usually carried out through malicious input, and depending on the vulnerable components, can lead to a range of attacks, including denial of service or even remote code execution.