EJS, Server side template injection RCE (CVE-2022-29078) - writeup

Note: The objective of this research, or any similar research, is to improve the security level of the Node.js ecosystem. Recently I was working on a related project using one of the most popular Node.js templating engines, Embedded JavaScript templates (EJS). Over the weekend I started to have a look around to see if the library is vulnerable to server-side template injection. Since the library is open source, we can take a whitebox approach and look at the source code....

April 23, 2022 · 4 min · Me

The unsecure node vm module

As a Node.js developer, you should often check the Node.js documentation to look for new modules, new features, or even a change in the current API. If you do, you will notice a module called “VM” (Executing JavaScript). This is a very interesting module; per the Node.js documentation's definition, “The vm module enables compiling and running code within V8 Virtual Machine contexts”. Although the documentation states that “The vm module is not a security mechanism....

November 22, 2020 · 4 min · Me

SSRF vulnerability in Uppy, Detected by Shieldfy

In this post, we will explain how Shieldfy detected an SSRF (server-side request forgery) vulnerability in Uppy, one of the popular packages on NPM, diving into the technical details of the vulnerability, its exploitation, and the fix. Uppy is a sleek, modular JavaScript file uploader that integrates seamlessly with any application. It’s fast, easy to use and lets you worry about more important problems than building a file uploader....

March 3, 2020 · 2 min · Me