Node.js third-party modules: Insecure implementation of deserialization in cryo
I would like to report code injection in serialization package cryo It allows execute arbitrary code using custom prototype. Module module name: cryo version: 0.0.6 npm page: https://www.npmjs.com/package/cryo Module Description JSON on steroids. Built for node.js and browsers. Cryo is inspired b...