in

Prototype Pollution using `flat` with Next.js


A prototype pollution scenario in Next.js when flat 5.0.0 is used.

YouTube video

pages/vulnerable.js

const out = unflatten({ ...context.query });

nodejs vm module simple escape via Functionthis.constructor.constructor('return process')()

Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips

Detail 2 — Cinematic video made simple