From a56f42d4bf1dcbda1c7592ca57a044d5052752f2 Mon Sep 17 00:00:00 2001 From: Peter Burkholder Date: Wed, 15 Aug 2018 10:32:40 -0400 Subject: [PATCH] fix busted image link --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index e696b9b..a30d96b 100644 --- a/README.md +++ b/README.md 
@@ -2,8 +2,7 @@ This was inspired by, and originally forked from, code in https://github.com/mfdii/miner-blog, by [Michael Ducy](https://twitter.com/mfdii). That code accompanies [this blog post](https://sysdig.com/blog/detecting-cryptojacking-with-sysdigs-falco/), on Detecting Cryptojacking with Sysdig's [Falco](https://github.com/draios/falco). -I munged it for use in an incident response exercise with Cloud Foundry. It uses an Immediately-Invoked Function Expression attack on a NodeJS application to run arbitrary code in a container. The vulnerable application is in `node-exploitable/`, and relies on [node-serialize 0.0.4](https://github.com/luin/serialize) which has a [known, unpatched, 2017 CVE](https://www.cvedetails.com/vulnerability-list/vendor_id-16128/product_id-36008/version_id-208749/Node-serialize-Project-Node-serialize-0.0.4.html). As a result, I see this -![warning in GitHub](./node-serialize-warning.png): +I munged it for use in an incident response exercise with Cloud Foundry. It uses an Immediately-Invoked Function Expression attack on a NodeJS application to run arbitrary code in a container. The vulnerable application is in `node-exploitable/`, and relies on [node-serialize 0.0.4](https://github.com/luin/serialize) which has a [known, unpatched, 2017 CVE](https://www.cvedetails.com/vulnerability-list/vendor_id-16128/product_id-36008/version_id-208749/Node-serialize-Project-Node-serialize-0.0.4.html). As a result, I see this warning in GitHub: > ⚠️ We found a potential security vulnerability in one of your dependencies. A dependency defined in node-exploitable/package-lock.json has known security vulnerabilities and should be updated.
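Review bot: In the rewritten paragraph of the README.md hunk, the image reference `![warning in GitHub](./node-serialize-warning.png)` is dropped rather than repaired, which the subject "fix busted image link" does not convey. The diffstat touches only README.md, so if node-serialize-warning.png is tracked in the repository it is left unreferenced. Suggest either deleting that file in the same commit or rewording the subject to say the image was replaced by the quoted warning text. The added sentence also still identifies the "known, unpatched, 2017 CVE" only through a link. Naming the CVE identifier in the text would let a reader look it up if that link goes stale.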