CVE-2023-46809 - Node.js and the Marvin Attack — Exploiting Weaknesses in PKCS #1 v1.5 Padding with OpenSSL
CVE-2023-46809 reveals a serious security issue for Node.js applications that use unpatched OpenSSL libraries and allow PKCS #1 v1.5 padding in RSA private
CVE-2024-36138 - Exploit and Technical Deep Dive—Bypassing the Incomplete Fix of CVE-2024-27980 in Node.js child_process.spawn without `shell` Option
---
Introduction
In April 2024, the Node.js community patched CVE-2024-27980, addressing a critical issue with command injection in the child_process.spawn function. The
CVE-2024-34156 - How Deeply Nested Gob Messages Can Crash Your Go App (with Exploit Example)
CVE-2024-34156 highlights a serious vulnerability in Go’s encoding/gob decoder — it can cause your application to crash if it decodes a message with extremely
CVE-2024-7652 - A Deep Dive Into the Async Generator Type Confusion Bug in Firefox and Thunderbird
In June 2024, a subtle but serious vulnerability shook the JavaScript world: CVE-2024-7652. This bug, tied to a flaw in the ECMA-262 specification's
CVE-2024-45299 - Exploiting Improper JSON Escaping in alf.io's Admin Customization
alf.io is a popular open source ticket reservation system, used by organizers for events like conferences, workshops, trade shows, and meetups. It's