Jul 2021

11m 14s

NodeJS July 2021 Security Releases

About this episode

In today's show I go through the NodeJS Security Releases for the month of July 2021, lots of interesting vulnerabilities to discuss.

0:00 Intro

1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash

3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation

7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS)

Resources

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

https://hackerone.com/reports/1211160

https://snyk.io/vuln/SNYK-JS-SSRI-1085630

--- Support this podcast: https://anchor.fm/hnasr/support

Up next

Jun 13

kTLS - Kernel level TLS

Fundamentals of Operating Systems Course https://oscourse.winktls is brilliant.TLS encryption/decryption often happens in userland. While TCP lives in the kernel. With ktls, userland can hand the keys to the kernel and the kernel does crypto. When calling write, the kernel encryp ... Show More

22m 55s

May 9

The beauty of the CPU

If you are bored of contemporary topics of AI and need a breather, I invite you to join me to explore a mundane, fundamental and earthy topic.The CPU.A reading of my substack article https://hnasr.substack.com/p/the-beauty-of-the-cpu

9m 38s

Apr 18

Sequential Scans in Postgres just got faster

This new PostgreSQL 17 feature is game changer. They know can combine IOs when performing sequential scan. Grab my database coursehttps://courses.husseinnasser.com

27m 36s

Recommended Episodes

Mar 2024

Episode 64: .NET Remoting, CDN Attack Surface, and Recon vs Main App

Episode 64: In this episode of Critical Thinking - Bug Bounty Podcast we talk about Justin and Joel delve into .NET remoting and how it can be exploited, a recent bypass in the Dom Purify library and some interesting functionality in the Cloudflare CDN-CGI endpoint. They also tou ... Show More

1h 8m

Apr 2018

The state of Node security (JS Party #23)

Suz Hinton, Christopher Hiller, and Jerod Santo talk with Adam Baldwin about his company being acquired by NPM, the security of Node, best practices, and more. Discuss on Changelog News Changelog++ members support our work, get closer to the metal, and make the ads disappear. Joi ... Show More

54m 51s

Apr 2020

JavaScript Vulnerabilities with Tim Kadlec - The State of the Web

(Originally aired on YouTube on May 30, 2018) Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challenge of making your organization aware of these risks, and how they could be explo ... Show More

12m 32s

Mar 2022

Securing the open source supply chain (Changelog Interviews #482)

This week we’re joined by the “mad scientist” himself, Feross Aboukhadijeh…and we’re talking about the launch of Socket — the next big thing in the fight to secure and protect the open source supply chain. While working on the frontlines of open source, Feross and team have witne ... Show More

1h 28m

Dec 2021

Frontend Feud: React Advanced Edition (JS Party #206)

Jerod, Nick, and a node_modules-worthy collection of JS friends played an intense game of Frontend Feud at React Advanced London’s after-party back in October. Today, you get to play along with us! Leave us a comment Changelog++ members save 3 minutes on this episode because they ... Show More

1h 5m

Jan 2024

716: JS Perf Wins & New Node.js Features with Yagiz Nizipli

Yagiz Nizipli talks about his involvement with Node.js, implementing .env, how he finds areas to improve in performance, the happy path vs the hot path, and new features coming to Node.js. Show Notes 00:32 Welcome 01:01 Introducing Yagiz Nizipli 02:21 What is your involvement in ... Show More

1h 1m

Jul 2023

Episode 27: Top 7 Esoteric Web Vulnerabilities

Episode 27: In this episode of Critical Thinking - Bug Bounty Podcast, we've switched places and now Joel is home while Justin is on the move. We break down seven esoteric web vulnerabilities, and talk Cookies, Config File Injections, Client-side path traversals and more. We also ... Show More

1h 20m

Feb 2024

731: Client side security, XSS attacks & CSP with Stripe’s Alex Sexton

Scott and Wes are joined by security expert, Alex Sexton of Stripe to cover all things: client security, XSS, attack vectors, and CSP (content security policy). Show Notes 00:00 Welcome to Syntax! 00:31 Brought to you by Sentry.io. 00:57 Who is Alex Sexton? 04:44 Stripe dashboard ... Show More

1h 3m

Listen to millions of songs and podcasts on Anghami