{"id":"https://openalex.org/W4415413155","doi":"https://doi.org/10.18293/seke2025-085","title":"AePPollo: Automated Exploit Generation for Prototype Pollution Vulnerabilities in Node.js Application","display_name":"AePPollo: Automated Exploit Generation for Prototype Pollution Vulnerabilities in Node.js Application","publication_year":2025,"publication_date":"2025-09-29","ids":{"openalex":"https://openalex.org/W4415413155","doi":"https://doi.org/10.18293/seke2025-085"},"language":null,"primary_location":{"id":"doi:10.18293/seke2025-085","is_oa":true,"landing_page_url":"https://doi.org/10.18293/seke2025-085","pdf_url":"https://doi.org/10.18293/seke2025-085","source":{"id":"https://openalex.org/S4220650826","display_name":"Proceedings/Proceedings of the ... International Conference on Software Engineering and Knowledge Engineering","issn_l":"2325-9000","issn":["2325-9000","2325-9086"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Conferences on Software Engineering and Knowledge Engineering","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://doi.org/10.18293/seke2025-085","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101936537","display_name":"Wenya Wang","orcid":"https://orcid.org/0000-0003-3902-4088"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Wenya Wang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100648732","display_name":"Wang Gao","orcid":"https://orcid.org/0000-0003-0331-2299"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang Gao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017372600","display_name":"Zhenghe Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhenghe Wang","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007104924","display_name":"Sicong Cao","orcid":"https://orcid.org/0000-0003-3688-4437"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Sicong Cao","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004134770","display_name":"Xingwei Lin","orcid":"https://orcid.org/0009-0005-5048-2516"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xingwei Lin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5008204306","display_name":"Dawu Gu","orcid":"https://orcid.org/0000-0002-0504-9538"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dawu Gu","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5101936537"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":{"value":0.44817702,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"2025","issue":null,"first_page":"19","last_page":"24"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.8816999793052673,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11614","display_name":"Cloud Data Security Solutions","score":0.8816999793052673,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.8661999702453613,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10101","display_name":"Cloud Computing and Resource Management","score":0.8395000100135803,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7282999753952026},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.311599999666214},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.29109999537467957},{"id":"https://openalex.org/keywords/pollution","display_name":"Pollution","score":0.26429998874664307},{"id":"https://openalex.org/keywords/production","display_name":"Production (economics)","score":0.25060001015663147}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7282999753952026},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5547000169754028},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3560999929904938},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.311599999666214},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.29109999537467957},{"id":"https://openalex.org/C521259446","wikidata":"https://www.wikidata.org/wiki/Q58734","display_name":"Pollution","level":2,"score":0.26429998874664307},{"id":"https://openalex.org/C39432304","wikidata":"https://www.wikidata.org/wiki/Q188847","display_name":"Environmental science","level":0,"score":0.2529999911785126},{"id":"https://openalex.org/C2778348673","wikidata":"https://www.wikidata.org/wiki/Q739302","display_name":"Production (economics)","level":2,"score":0.25060001015663147},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.25029999017715454},{"id":"https://openalex.org/C2909468537","wikidata":"https://www.wikidata.org/wiki/Q58734","display_name":"Environmental pollution","level":2,"score":0.24400000274181366}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.18293/seke2025-085","is_oa":true,"landing_page_url":"https://doi.org/10.18293/seke2025-085","pdf_url":"https://doi.org/10.18293/seke2025-085","source":{"id":"https://openalex.org/S4220650826","display_name":"Proceedings/Proceedings of the ... International Conference on Software Engineering and Knowledge Engineering","issn_l":"2325-9000","issn":["2325-9000","2325-9086"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Conferences on Software Engineering and Knowledge Engineering","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.18293/seke2025-085","is_oa":true,"landing_page_url":"https://doi.org/10.18293/seke2025-085","pdf_url":"https://doi.org/10.18293/seke2025-085","source":{"id":"https://openalex.org/S4220650826","display_name":"Proceedings/Proceedings of the ... International Conference on Software Engineering and Knowledge Engineering","issn_l":"2325-9000","issn":["2325-9000","2325-9086"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"International Conferences on Software Engineering and Knowledge Engineering","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4415413155.pdf","grobid_xml":"https://content.openalex.org/works/W4415413155.grobid-xml"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Prototype":[0],"pollution":[1,77],"is":[2],"a":[3,53,81],"kind":[4],"of":[5,14,32],"severe":[6],"vulnerability":[7],"in":[8],"Node.js":[9],"that":[10,55],"enables":[11],"unauthorized":[12],"modification":[13],"object":[15],"prototypes,":[16],"leading":[17],"to":[18,66],"critical":[19],"security":[20],"risks.Although":[21],"prior":[22],"work":[23],"has":[24],"focused":[25],"on":[26,73],"detecting":[27],"and":[28,36,64],"assessing":[29],"the":[30],"severity":[31],"prototype":[33,76],"pollution,":[34],"automated":[35],"efficient":[37],"exploit":[38,83],"generation":[39,84],"for":[40,70],"server-side":[41],"scenarios":[42],"remains":[43],"unaddressed.To":[44],"bridge":[45],"this":[46],"gap,":[47],"we":[48],"develop":[49],"AePPollo":[50,79],"1":[51],",":[52],"framework":[54],"integrates":[56],"taint":[57],"analysis,":[58],"knowledge-enhanced":[59],"Large":[60],"Language":[61],"Models":[62],"(LLMs),":[63],"fuzzing":[65],"automatically":[67],"generate":[68],"exploits":[69],"Node.jsprototype":[71],"pollution.Evaluated":[72],"218":[74],"real-world":[75],"vulnerabilities,":[78],"achieves":[80],"91.74%":[82],"success":[85],"rate":[86],"with":[87],"minimal":[88],"overhead,":[89],"outperforming":[90],"state-of-theart":[91],"methods.":[92]},"counts_by_year":[],"updated_date":"2026-03-10T14:07:55.174380","created_date":"2025-10-24T00:00:00"}