Get the Whitepaper called Exploiting Node.js Deserialization Bug for Remote Code Execution.
You can download it from the following link: https://packetstormsecurity.com/files/download/141002/exploiting-nodejs.pdf
Source: https://packetstormsecurity.com/files/141002/Exploiting-Node.js-Deserialization-Bug-For-Remote-Code-Execution.html