Jul 2021
11m 14s

NodeJS July 2021 Security Releases

Hussein Nasser
About this episode

In today's show I go through the NodeJS Security Releases for the month of July 2021; there are lots of interesting vulnerabilities to discuss.

0:00 Intro

1:00 CVE-2021-22918 - libuv DNS Out of bounds Crash

3:40 CVE-2021-22921 - Node Windows installer Local Privilege Escalation

7:30 CVE-2021-27290 - ssri Regular Expression Denial of Service (ReDoS)
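The ReDoS in the ssri item above comes from a regular expression with overlapping ways to consume the same characters. The following is an added example, not code from the episode or from ssri itself: VULNERABLE is modelled on the strict-mode pattern implicated in CVE-2021-27290 and FIXED on the shape of its fix (the quantifier on the trailing options group changed from `*` to `?`); both patterns are assumptions to compare against ssri's fix commit, not verbatim copies. The attacker input, the timing helper and the regex-free parser are likewise constructed here.

```javascript
// Added example (not from the episode or from ssri). The two regexes are
// modelled on the reported strict-mode pattern and its fix; verify against
// the ssri fix commit before quoting them as the project's own code.

// The last group can consume a "?" either as its own opener or inside the
// [\x21-\x7E]* of the previous repetition (that class contains "?"), so a
// run of n "?" characters admits about 2^(n-1) partitions. When the final
// "$" fails, the backtracking engine tries every one of them.
const VULNERABLE = /^([a-z0-9]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)*$/;

// One optional options group: each "?" has exactly one possible owner, so a
// failing input is rejected in time linear in its length.
const FIXED = /^([a-z0-9]+)-([A-Za-z0-9+/=]{44,88})(\?[\x21-\x7E]*)?$/;

// Constructed attacker input: a well-formed "sha512-<44 base64 chars>" head,
// a run of "?" and a trailing space (outside \x21-\x7E) that forces "$" to
// fail only after the ambiguous part has been consumed.
function craftPayload(questionMarks) {
  return 'sha512-' + 'A'.repeat(44) + '?'.repeat(questionMarks) + ' ';
}

function timeMatch(re, input) {
  const start = process.hrtime.bigint();
  const matched = re.test(input);
  const ms = Number(process.hrtime.bigint() - start) / 1e6;
  return { matched, ms };
}

// Character classes of the same grammar, checked by code point so that the
// parser below never backtracks.
const isAlgoChar = (c) => (c >= 0x61 && c <= 0x7a) || (c >= 0x30 && c <= 0x39);
const isB64Char = (c) =>
  isAlgoChar(c) || (c >= 0x41 && c <= 0x5a) || c === 0x2b || c === 0x2f || c === 0x3d;
const isVchar = (c) => c >= 0x21 && c <= 0x7e;

// Regex-free parser: algorithm "-" digest ["?" VCHAR*]. A single
// left-to-right scan, so its cost cannot depend on how a "?" run is split.
// Returns null on malformed input instead of throwing.
function parseIntegrity(str) {
  const dash = str.indexOf('-');
  if (dash <= 0) return null;
  const algorithm = str.slice(0, dash);
  for (let i = 0; i < algorithm.length; i++) {
    if (!isAlgoChar(algorithm.charCodeAt(i))) return null;
  }
  const q = str.indexOf('?', dash + 1);
  const digest = q === -1 ? str.slice(dash + 1) : str.slice(dash + 1, q);
  if (digest.length < 44 || digest.length > 88) return null;
  for (let i = 0; i < digest.length; i++) {
    if (!isB64Char(digest.charCodeAt(i))) return null;
  }
  const rest = q === -1 ? '' : str.slice(q + 1);
  for (let i = 0; i < rest.length; i++) {
    if (!isVchar(rest.charCodeAt(i))) return null;
  }
  return { algorithm, digest, options: rest === '' ? [] : rest.split('?') };
}

// Demo: the vulnerable pattern's rejection time roughly doubles per extra
// "?", while the fixed pattern and the parser stay flat.
for (const n of [14, 16, 18, 20]) {
  const input = craftPayload(n);
  const bad = timeMatch(VULNERABLE, input);
  const good = timeMatch(FIXED, input);
  console.log(
    `n=${n} vulnerable: ${bad.ms.toFixed(1)} ms, fixed: ${good.ms.toFixed(1)} ms,` +
      ` parser: ${parseIntegrity(input)}`
  );
}
```

Raise `n` a few steps beyond 20 on a scratch machine to see the blow-up; do not paste such an input into a service that validates SRI strings with a pattern of this shape. The regex-free parser accepts exactly the same strings as FIXED, which is the easy way to convince yourself the rewrite did not change the grammar.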

Resources

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

https://hackerone.com/reports/1211160

https://snyk.io/vuln/SNYK-JS-SSRI-1085630
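A quick way to tell whether a given Node.js build predates these fixes, as an added example that is not from the episode or the Node.js project. The baselines are taken from the July 2021 release announcement linked above (v12.22.2, v14.17.2 and v16.4.1 were the first patched releases on the three lines that received fixes); treat them as an assumption to re-check against that page, and note that the status names, the function names and the handling of other major lines are choices made here.

```javascript
// Added example (not from the episode or from Node.js). First patched
// release per line, per the July 2021 announcement; re-verify before use.
const FIRST_PATCHED = { 12: [12, 22, 2], 14: [14, 17, 2], 16: [16, 4, 1] };
const NEWEST_FIXED_MAJOR = 16;

// Accepts "v16.4.1" (process.version / `node --version`) or "16.4.1".
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(text.trim());
  if (!m) throw new Error(`not a Node.js version string: ${JSON.stringify(text)}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// 'vulnerable' / 'patched' for the three lines that got a release;
// 'patched' for majors cut after the fix; 'unpatched-line' for older lines
// (for example end-of-life majors) that received no release in this batch.
function july2021Status(versionText) {
  const v = parseVersion(versionText);
  const baseline = FIRST_PATCHED[v[0]];
  if (baseline) return compareVersions(v, baseline) < 0 ? 'vulnerable' : 'patched';
  return v[0] > NEWEST_FIXED_MAJOR ? 'patched' : 'unpatched-line';
}

// Check the interpreter running this script; paste a `node --version`
// string from another host to check that one.
console.log(process.version, july2021Status(process.version));
```

This only covers the Node.js binary. The ssri fix reaches a project through npm's dependency tree as well, so also run `npm ls ssri` in the project to find copies that the runtime upgrade does not touch.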
