Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Code Intelligence

How we found a prototype pollution in protobufjs - CVE-2023-36665

In this webinar excerpt, our colleague Peter Samarin demonstrates how our prototype pollution bug detectors were able to uncover a highly severe CVE in the popular JavaScript library protobufjs. This finding puts affected applications at risk of remote code execution and denial of service attacks.

New Vulnerability in tree-kit: Prototype Pollution - CVE-2023-38894

The maintainers have already released an update fixing the issue. Versions before 0.7.5 are affected and thus vulnerable to Prototype Pollution. We strongly recommend that impacted users upgrade to the newer version that includes the fixes, i.e., version 0.7.5 and above.We have found a new Prototype Pollution vulnerability in the JavaScript package tree-kit in all versions before 0.7.5. The maintainer of tree-kit has released an update that fixed the issue on 21 July 2023.

How we found a Prototype Pollution in protobuf.js

Our colleagues Peter Samarin, Norbert Schneider and Fabian Meumertzheim recently built a new bug detector enabling our JavaScript fuzzing engine Jazzer.js to identify Prototype Pollution. This work is now bearing its first fruits: As part of our ongoing collaboration with Google’s OSS-Fuzz, Jazzer.js recently uncovered a new Prototype Pollution vulnerability in protobuf.js (CVE-2023-36665). This finding puts affected applications at risk of remote code execution and denial of service attacks.

The Risks of AI-Generated Code

AI is fundamentally transforming how we write, test and deploy code. However, AI is not a new phenomenon, as the term was first coined in the 1950s. With the more recent release of ChatGPT, generative AI has taken a huge step forward in delivering this technology to the masses. Especially for development teams, this has enormous potential. Today, AI represents the biggest change since the adoption of cloud computing. However, using it to create code comes with its own risks.

Code Intelligence Finds New Vulnerability in protobufjs: CVE-2023-36665

As part of Code Intelligence's ongoing efforts to improve the security of open-source software it continuously tests open-source projects with its JavaScript fuzzing engine, Jazzer.js, in Google's OSS-Fuzz. Recently Code Intelligence uncovered a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665) using its newly integrated Prototype Pollution bug detector. The vulnerability puts affected applications at risks of remote code execution and denial of service attacks.

26 AI Code Tools in 2024: Best AI Coding Assistant

Generative AI unleashed a whole series of new innovations and tools to the masses in 2023. From AI chatbots to image generators to AI coding assistants, there is just so much to consider, and there are more and more being launched every day. In this guide, we will look at how AI is changing the world of software development by showcasing 26 AI coding tools that are helping developers produce high-quality software more efficiently.

New Vulnerability in protobuf.js: Prototype Pollution - CVE-2023-36665

We have found a new Prototype Pollution vulnerability in protobufjs (CVE-2023-36665). The maintainer of protobufjs has issued an update that fixed the issue on 27 June 2023. The vulnerability was discovered by Peter Samarin using Jazzer.js with our newly integrated Prototype Pollution bug detector. This finding emerged in part from our collaboration with Google's OSS-Fuzz and puts affected applications at risk of remote code execution and denial of service attacks.

5 Tips for Functional Testing in Java

Functional testing is a critical aspect of application development, and it plays an essential role in products being built within the Java ecosystem to ensure they meet their functional requirements and work as intended for the end user. As this method of testing is heavily based on validating “functionality” (i.e., “Does this application work the way we intend it to work?”), it is essential to utilize it throughout the development process.