Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js
How the donated funds are distributed
Kivach works on the Obyte network, and therefore you can track all donations.
Silent Spring is a research project that develops a multi-staged framework for detecting prototype pollution vulnerabilities and universal gadgets in Node.js applications, demonstrating how these can lead to Remote Code Execution (RCE) attacks. The framework uses static taint analysis with GitHub's CodeQL to identify prototype pollution sinks and gadgets, and has been used to find 11 universal gadgets in core Node.js APIs, as well as RCE vulnerabilities in high-profile applications like NPM CLI, Parse Server, and Rocket.Chat. The project is aimed at security researchers and developers interested in understanding and mitigating prototype pollution vulnerabilities in Node.js environments.
