English
Related papers

Related papers: Silent Spring: Prototype Pollution Leads to Remote…

200 papers

Prototype pollution is a recent vulnerability that affects JavaScript code, leading to high impact attacks such as arbitrary code execution. The vulnerability is rooted in JavaScript's prototype-based inheritance, enabling attackers to…

Cryptography and Security · Computer Science 2024-07-16 Eric Cornelissen , Mikhail Shcherbakov , Musard Balliu

For better or worse, JavaScript is the cornerstone of modern Web. Prototype-based languages like JavaScript are susceptible to prototype pollution vulnerabilities, enabling an attacker to inject arbitrary properties into an object's…

Cryptography and Security · Computer Science 2023-11-08 Mikhail Shcherbakov , Paul Moosbrugger , Musard Balliu

With one of the largest available collection of reusable packages, the JavaScript runtime environment Node.js is one of the most popular programming application. With recent work showing evidence that known vulnerabilities are prevalent in…

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…

Cryptography and Security · Computer Science 2022-08-18 Imen Sayar , Alexandre Bartel , Eric Bodden , Yves Le Traon

Remote Code Execution (RCE) exploits pose a significant threat to AI and ML systems, particularly in GPU-accelerated environments where the computational power of GPUs can be misused for malicious purposes. This paper focuses on RCE attacks…

Cryptography and Security · Computer Science 2025-02-18 Ariel Szabo , Uzy Hadad

In the last years Node.js has emerged as a framework particularly suitable for implementing lightweight IoT applications, thanks to its underlying asynchronous event-driven, non blocking I/O model. However, verifying the correctness of…

Programming Languages · Computer Science 2018-02-07 Davide Ancona , Luca Franceschini , Giorgio Delzanno , Maurizio Leotta , Marina Ribaudo , Filippo Ricca

With the emergence of the Node.js ecosystem, JavaScript has become a widely-used programming language for implementing server-side web applications. In this paper, we present the first empirical study of static code analysis tools for…

Cryptography and Security · Computer Science 2023-08-07 Tiago Brito , Mafalda Ferreira , Miguel Monteiro , Pedro Lopes , Miguel Barros , José Fragoso Santos , Nuno Santos

Low-code development frameworks for IoT platforms offer a simple drag-and-drop mechanism to create applications for the billions of existing IoT devices without the need for extensive programming knowledge. The security of such software is…

Cryptography and Security · Computer Science 2025-02-14 Simon Schneider , Komal Kashish , Katja Tuma , Riccardo Scandariato

Test flakiness is a significant issue in industry, affecting test efficiency and product quality. While extensive research has examined the impact of flaky tests, many root causes remain unexplored, particularly in the context of dynamic…

Software Engineering · Computer Science 2026-02-24 Negar Hashemi , Amjed Tahir , August Shi , Shawn Rasheed , Rachel Blagojevic

Model-sharing platforms, such as Hugging Face, ModelScope, and OpenCSG, have become central to modern machine learning development, enabling developers to share, load, and fine-tune pre-trained models with minimal effort. However, the…

Software Engineering · Computer Science 2026-01-21 Mohammed Latif Siddiq , Tanzim Hossain Romel , Natalie Sekerak , Beatrice Casey , Joanna C. S. Santos

In the software engineering community, deep learning (DL) has recently been applied to many source code processing tasks. Due to the poor interpretability of DL models, their security vulnerabilities require scrutiny. Recently, researchers…

Software Engineering · Computer Science 2022-11-01 Jia Li , Zhuo Li , Huangzhao Zhang , Ge Li , Zhi Jin , Xing Hu , Xin Xia

Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate…

Cryptography and Security · Computer Science 2026-04-02 Francesco Pagano , Lorenzo Pisu , Leonardo Regano , Davide Maiorca , Alessio Merlo , Giorgio Giacinto

Smart contract vulnerabilities, particularly improper Access Control that allows unauthorized execution of restricted functions, have caused billions of dollars in losses. GitHub hosts numerous smart contract repositories containing source…

Software Engineering · Computer Science 2025-10-23 Chong Chen , Jiachi Chen , Lingfeng Bao , David Lo , Yanlin Wang , Zhenyu Shan , Ting Chen , Guangqiang Yin , Jianxing Yu , Zibin Zheng

The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research…

Cryptography and Security · Computer Science 2025-09-03 Eric Cornelissen , Musard Balliu

Regular Expression Denial of Service (ReDoS) is a vulnerability class that has become prominent in recent years. Attackers can weaponize such weaknesses as part of asymmetric cyberattacks that exploit the slow worst-case matching time of…

Cryptography and Security · Computer Science 2025-08-27 Masudul Hasan Masud Bhuiyan , Berk Çakar , Ethan H. Burmane , James C. Davis , Cristian-Alexandru Staicu

LLMs show promise in transforming software development, with a growing interest in integrating them into more intelligent apps. Frameworks like LangChain aid LLM-integrated app development, offering code execution utility/APIs for custom…

Cryptography and Security · Computer Science 2025-02-28 Tong Liu , Zizhuang Deng , Guozhu Meng , Yuekang Li , Kai Chen

In managed languages, serialization of objects is typically done in bespoke binary formats such as Protobuf, or markup languages such as XML or JSON. The major limitation of these formats is readability. Human developers cannot read binary…

Software Engineering · Computer Science 2025-12-16 Julian Wachter , Deepika Tiwari , Martin Monperrus , Benoit Baudry

Maliciously prepared software packages are an extensively leveraged weapon for software supply chain attacks. The detection of malicious packages is undoubtedly of high priority and many academic and commercial approaches have been…

Cryptography and Security · Computer Science 2025-05-13 Marc Ohm , Timo Pohl , Felix Boes

Security vulnerabilities often arise unintentionally during development due to a lack of security expertise and code complexity. Traditional tools, such as static and dynamic analysis, detect vulnerabilities only after they are introduced…

Cryptography and Security · Computer Science 2026-02-03 Ranjith Krishnamurthy , Oshando Johnson , Goran Piskachev , Eric Bodden

In this paper, we conduct an empirical study on remote DoS attacks targeting NAT networks. We show that Internet attackers operating outside local NAT networks can remotely identify a NAT device and subsequently terminate TCP connections…

Cryptography and Security · Computer Science 2024-11-26 Xuewei Feng , Yuxiang Yang , Qi Li , Xingxiang Zhan , Kun Sun , Ziqiang Wang , Ao Wang , Ganqiu Du , Ke Xu
‹ Prev 1 2 3 10 Next ›