Node.js Tech Stack

Jan 22, 2026 · Information Security

How a Malicious JSON Crashes Node.js Servers via Async Hooks and the New Fix

The recent Node.js security release patches eight vulnerabilities, most notably a stack‑overflow bug triggered by deep recursive promises when async_hooks is enabled, which allows a crafted JSON payload to terminate the process, and the fix modifies TryCatchScope to re‑throw stack‑overflow errors instead of exiting.