A Conversation About ZipSlip, NodeJS Security, and BBS Hacking

Earlier this year, the popular Bower package manager was found vulnerable to archive extraction, allowing attackers to write arbitrary files on a user’s disk. As Nodejs Security WG member and Snyk developer advocate Liran Tal wrote, the vector attacks used by this exploit have been known since the early days of BBS.

Read full news article on InfoQ