From Idle to Pwn: Chaining Prototype Pollution to RCE

How a simple prototype pollution in a Node.js dashboard widget led to full remote code execution.