An Introduction to SSRF Bypasses and Denylist Failures
Getting hands-on with SSRF bypasses and the pitfalls of denylists.
Articles tagged for: nodejs
Disclosing a Command Injection Vulnerability in `git-checkout-tool`
Ever wondered how interactive CLI prompts can be a security disaster? Here's the case of git-checkout-tool and a command injection vulnerability.
Prisma Raw Query Leads to SQL Injection? Yes and No
Prisma is a popular type-safe ORM for Node.js but just like all abstractions, it comes at a cost and Prisma Raw Query function may lead to SQL injection if not handled correctly.
Flawed Git Promises Library on npm Leads to Command Injection Vulnerability
A promising Git library turns into a security nightmare when it harbors command injection vulnerabilities. Learn how to avoid these risks in your Node.js applications.
Holes in the Safety Net: Bypassing SSRF Protection in safe-axios
Analyzing a vulnerability in safe-axios, an npm package designed to safeguard applications from SSRF attacks.
How to Parse URLs from Markdown to HTML Securely?
What if I told you that parsing URLs from user input, especially from Markdown content, can be a security risk? Here is how URL parsing logic an be bypassed and what you need to know to handle it in a secure way.