CVE-2018-7160 - Pwning (NodeJS) Developers
随机文章攻击 debug 模式下的 nodejs(CVE-2018-7160)
NodeJS in debug mode did not check the Origin-Header of websocket connections. This could lead to arbitrary code execution on victims systems if they visited a malicious website while debugging NodeJS. Visual Studio Code 1.19 - 1.19.2 was running in debug mode by default and exposed all users to this vulnerability.