Using a brand-new code analysis tool they created especially for the task called ODGen, researchers at Johns Hopkins University recently discovered an astounding 180 zero-day vulnerabilities affecting thousands of Node.js modules.
Since then, 70 of the problems have been given CVE numbers (common vulnerabilities and exposures). Some of these affect widely used apps and include cross-site scripting flaws, arbitrary code execution problems, route traversal flaws, and command injection faults. Read More…