Security ======== Taint-style Vulnerability ---------------------------- Graph.js (PLDI 2024) ^^^^^^^^^^^^^^^^^^^^^^ Explode.js (PLDI 2025) ^^^^^^^^^^^^^^^^^^^^^^^^ Dataset: VulCaN (Transactions on Reliability) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Dataset: SecBench (ICSE 2023) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ODGen (USENIX Security 2022) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ *Paper title:* `Mining Node.js Vulnerabilities via Object Dependence Graph and Query `__ *Authors:* Song Li, Mingqing Kang, Jianwei Hou, Yinzhi Cao FAST (S&P 2023) ^^^^^^^^^^^^^^^^^ *Paper title:* `Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability `__ *Authors:* Mingqing Kang, Yichao Xu, Song Li, Rigel Gjomemo, Jianwei Hou, V.N. Venkatakrishnan, Yinzhi Cao ObjLupAnsys (ESEC/FSE 2021) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ *Paper title:* `Detecting Node.js Prototype Pollution Vulnerabilities via Object Lookup Analysis `__ *Authors:* Song Li, Mingqing Kang, Jianwei Hou, Yinzhi Cao GHunter (USENIX Security 2024) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ *Paper title:* `GHUNTER: Universal Prototype Pollution Gadgets in JavaScript Runtimes `__ *Authors:* Eric Cornelissen, Mikhail Shcherbakov, Musard Balliu Dasty (WWW 2024) ^^^^^^^^^^^^^^^^^^^ *Paper title:* `Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis `__ *Authors:* Mikhail Shcherbakov, Paul Moosbrugger, Musard Balliu GALA (S&P 2025) ^^^^^^^^^^^^^^^^^^^ *Paper title:* `Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites `__ *Authors:* Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, Yinzhi Cao Deobfuscation -------------