Darknet Diaries: Gulf Bank vs Voulnet 248am.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from 248am.com Daily Mail and Mail on Sunday newspapers.
A new class of security flaw is emerging from obscurity
In early 2019, security researchers at Snyk disclosed details of a severe vulnerability in Lodash, a popular JavaScript library, which allowed hackers to attack multiple web applications.
The security hole was a prototype pollution bug – a type of vulnerability that allows attackers to exploit the rules of the JavaScript programming language and compromise applications in various ways.
What is prototype pollution?
JavaScript is prototype-based: when new objects are created, they carry over the properties and methods of the prototype “object”, which contains basic functionalities such as toString, constructor and hasOwnProperty.
Object-based inheritance gives JavaScript the flexibility and efficiency that web programmers have come to love – but it also makes it vulnerable to tampering.