Javascript weaknesses
Some Javascript weaknesses that malicious users can exploit
Like most languages, javascript has some weaknesses. Weaknesses are not flaws, they are vulnerabilities that arise from some design choice.In this way, malicious users can take advantage of weaknesses to carry out attacks. Global Variables, Monkey Patching and Module Cache are not the only language vulnerabilities but are the most exploited by malicious users as they can leak data and change the data flow of the application, which will later be shown as the main focus of attacks.
Global Variables
Global variables are functions and variables that are stored in a global context, that is, they are shared with all modules of the application. It is not possible to control access to these variables,
Monkey Patching
The Javascript language allows the use of monkey-patching, which is the possibility to extend and modify classes and functions at run time. There is no mechanism in the language to inform if monkey-patching was done on a function or class, in this way external libraries can change functions and classes used in the main application in addition to standard functions and objects of the language.
Module cache
In the Javascript language through a require function it is possible to load modules explicitly. This function has a cache object where the cache of that module and its export properties are stored. Because this cache is stored in a global context, it has the weaknesses of global variables, allowing unrestricted access to this data.
Last updated