Silent Spring: Prototype Pollution Leads to Remote Code Execution in
Node.js

v1v2 (latest)

Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js

22 July 2022

Mikhail Shcherbakov

Cristian-Alexandru Staicu

ArXiv (abs)PDF HTML

Papers citing "Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js"

6 / 6 papers shown

Title
Eradicating the Unseen: Detecting, Exploiting, and Remediating a Path Traversal Vulnerability across GitHub Jafar Akhoundali Hamidreza Hamidi Kristian Rietveld Olga Gadyatskaya 37 0 0 26 May 2025
ALFA-Chains: AI-Supported Discovery of Privilege Escalation and Remote Exploit Chains Miguel Tulla Andrea Vignali Christian Colon Giancarlo Sperli Simon Pietro Romano Masataro Asai Una-May O’Reilly Erik Hemberg 60 1 0 09 Apr 2025
GHunter: Universal Prototype Pollution Gadgets in JavaScript Runtimes Eric Cornelissen Mikhail Shcherbakov Musard Balliu 46 2 0 15 Jul 2024
DONAPI: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping Cheng Huang Nannan Wang Ziteng Wang Siqi Sun Lingzi Li Junren Chen Qianchong Zhao Jiaxuan Han Zhen Yang Lei Shi Sichuan University 65 11 0 13 Mar 2024
HODOR: Shrinking Attack Surface on Node.js via System Call Limitation Wenya Wang Xingwei Lin Jingyi Wang Wang Gao Dawu Gu Wei Lv Jiashui Wang 44 3 0 24 Jun 2023
Bilingual Problems: Studying the Security Risks Incurred by Native Extensions in Scripting Languages Cristian-Alexandru Staicu Sazzadur Rahaman Ágnes Kiss Michael Backes 66 11 0 22 Nov 2021