Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

August 2023

How we found a prototype pollution in protobufjs - CVE-2023-36665

Aug 18, 2023 By Code Intelligence In Code Intelligence
In this webinar excerpt, our colleague Peter Samarin demonstrates how our prototype pollution bug detectors were able to uncover a highly severe CVE in the popular JavaScript library protobufjs. This finding puts affected applications at risk of remote code execution and denial of service attacks.
View Video
code intelligence

New Vulnerability in tree-kit: Prototype Pollution - CVE-2023-38894

Aug 16, 2023 By Roman Wagner In Code Intelligence
The maintainers have already released an update fixing the issue. Versions before 0.7.5 are affected and thus vulnerable to Prototype Pollution. We strongly recommend that impacted users upgrade to the newer version that includes the fixes, i.e., version 0.7.5 and above.We have found a new Prototype Pollution vulnerability in the JavaScript package tree-kit in all versions before 0.7.5. The maintainer of tree-kit has released an update that fixed the issue on 21 July 2023.
Read Post

How we found a Prototype Pollution in protobuf.js

Aug 14, 2023 By Code Intelligence In Code Intelligence
Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.
View Video
code intelligence

The Risks of AI-Generated Code

Aug 9, 2023 By Sergej Dechand In Code Intelligence
AI is fundamentally transforming how we write, test and deploy code. However, AI is not a new phenomenon, as the term was first coined in the 1950s. With the more recent release of ChatGPT, generative AI has taken a huge step forward in delivering this technology to the masses. Especially for development teams, this has enormous potential. Today, AI represents the biggest change since the adoption of cloud computing. However, using it to create code comes with its own risks.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.