jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-19 07:50:07 +00:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity
f447a4611a
node/lib/internal/fs
History
Tobias Nießen f447a4611a permission: fix Uint8Array path traversal 
Previous security patches addressed path traversal vulnerabilities for
string and Buffer inputs, but ignored Uint8Array inputs. This commit
fixes the existing logic to account for the latter.

The previous implementation would silently ignore unexpected inputs,
whereas this commit introduces an explicit assertion to prevent that
unsafe behavior.

PR-URL: https://github.com/nodejs-private/node-private/pull/456
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2023-39332
2023-10-13 18:05:15 -03:00
..
cp fs: add support for mode flag to specify the copy behavior 2023-04-20 06:28:18 +00:00
read fs: improve error performance of sync methods 2023-09-17 20:42:46 +00:00
dir.js fs: improve error performance of opendirSync 2023-09-21 17:04:13 +00:00
glob.js fs: add globSync implementation 2023-06-25 14:40:33 +00:00
promises.js fs: add flush option to createWriteStream() 2023-10-11 16:25:05 +00:00
recursive_watch.js fs: use kResistStopPropagation 2023-06-24 15:52:38 +00:00
rimraf.js fs: add trailing commas in source files 2023-02-20 01:58:32 +01:00
streams.js fs: add flush option to createWriteStream() 2023-10-11 16:25:05 +00:00
sync_write_stream.js fs: call the callback with an error if writeSync fails 2023-06-26 14:18:58 +00:00
utils.js permission: fix Uint8Array path traversal 2023-10-13 18:05:15 -03:00
watchers.js fs: use kResistStopPropagation 2023-06-24 15:52:38 +00:00