Security
Taint-style Vulnerability
Graph.js (PLDI 2024)
Explode.js (PLDI 2025)
Dataset: VulCaN (Transactions on Reliability)
Dataset: SecBench (ICSE 2023)
ODGen (USENIX Security 2022)
Paper title: Mining Node.js Vulnerabilities via Object Dependence Graph and Query
Authors: Song Li, Mingqing Kang, Jianwei Hou, Yinzhi Cao
FAST (S&P 2023)
Paper title: Scaling JavaScript Abstract Interpretation to Detect and Exploit Node.js Taint-style Vulnerability
Authors: Mingqing Kang, Yichao Xu, Song Li, Rigel Gjomemo, Jianwei Hou, V.N. Venkatakrishnan, Yinzhi Cao
ObjLupAnsys (ESEC/FSE 2021)
Paper title: Detecting Node.js Prototype Pollution Vulnerabilities via Object Lookup Analysis
Authors: Song Li, Mingqing Kang, Jianwei Hou, Yinzhi Cao
GHunter (USENIX Security 2024)
Paper title: GHUNTER: Universal Prototype Pollution Gadgets in JavaScript Runtimes
Authors: Eric Cornelissen, Mikhail Shcherbakov, Musard Balliu
Dasty (WWW 2024)
Paper title: Unveiling the Invisible: Detection and Evaluation of Prototype Pollution Gadgets with Dynamic Taint Analysis
Authors: Mikhail Shcherbakov, Paul Moosbrugger, Musard Balliu
GALA (S&P 2025)
Paper title: Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites
Authors: Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, Yinzhi Cao