this post was submitted on 11 Feb 2026
8 points (100.0% liked)

Security

1982 readers
14 users here now

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don't be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Vacant@programming.dev
8
Breaking Down CVE-2026-25049: How TypeScript Types Failed n8n's Security (hetmehta.com)
submitted 1 day ago by codeinabox@programming.dev to c/security@programming.dev
2 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.bestiver.se/post/919467

Comments

you are viewing a single comment's thread
view the rest of the comments
[–] onlinepersona@programming.dev 1 points 1 day ago

I'm not even sure whether there's a defense against this when trying to limit the user to a subset of JavaScript. It feels like you need to write a compiler or interpreter that doesn't know anything outside of that subset otherwise you can break out of the language sandbox.