
github.com/maxja/carousel
An open source Docker container / Kubernetes pod management tool that spins up new containers / pods, tracks their uniqueness based on a custom set of their arguments, prevents duplicates, and maintains their life-cycle over time.
The project is named after the carousel tug, a vessel that helps bigger ships operate in narrow spaces.
```mermaid
flowchart LR
    subgraph env ["Orchestrated Environment"]
        direction LR
        dm["Service requester"]
        ca["Carousel"]
        dm -- "Request for certain <br /> service configuration" --> ca
        ca -. "Pulling current state" .-> block
        ca -- "Check requested <br /> service instance status" --> ca
        ca -- "Request to pull / up / down" --> block
        ca -- "Return service <br /> connection info" --> dm
        subgraph block [" "]
            direction TB
            i1["Service A instance No 1"]
            i2["Service A instance No 2"]
            in["Service A instance No N"]
            i1 -.- i2 -.- in
        end
    end
    style i2 stroke-width:1px,stroke-dasharray: 1 5
    style in stroke-width:1px,stroke-dasharray: 1 5
```