child_process: harden against prototype pollution by LiviaMedeiros · Pull Request #48726 · nodejs/node

@LiviaMedeiros

@nodejs-github-bot added the child_process and needs-ci labels Jul 10, 2023

KhafraDev

@KhafraDev added the author ready label Jul 10, 2023

VoltrexKeyva

@lpinca added the commit-queue label Jul 14, 2023

This was referenced

Jul 16, 2023

Ceres6 pushed a commit to Ceres6/node that referenced this pull request

Aug 14, 2023
PR-URL: nodejs#48726
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>

UlisesGascon pushed a commit to UlisesGascon/node that referenced this pull request

Aug 14, 2023

RafaelGSS pushed a commit that referenced this pull request

Aug 15, 2023

ruyadorno pushed a commit that referenced this pull request

Sep 12, 2023

ruyadorno pushed a commit that referenced this pull request

Sep 13, 2023

ruyadorno pushed a commit that referenced this pull request

Sep 17, 2023

codebytere added a commit to electron/electron that referenced this pull request

Sep 19, 2023

jkleinsc pushed a commit to electron/electron that referenced this pull request

Sep 20, 2023
* chore: bump node in DEPS to v18.18.0

* child_process: harden against prototype pollution

nodejs/node#48726

* deps: upgrade to libuv 1.46.0

nodejs/node#49591

* module: reduce url invocations in esm/load.js

nodejs/node#48337

* Revert "test: remove test-crypto-keygen flaky designation"

nodejs/node#48652

* fix: FTBTFS in ada dep

ada-url/ada#464
ada-url/idna#31

* fix: force_colors snapshot line number

* chore: fixup patch indices

* chore: update filenames.json

---------

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>

MrHuangJser pushed a commit to MrHuangJser/electron that referenced this pull request

Dec 11, 2023

lirantal added a commit to lirantal/node that referenced this pull request

Jul 9, 2024
Prior pull request (nodejs#48726) hardened against prototype pollution
vulnerabilities but effectively missed some use-cases which
opened a window for prototype pollution for some child_process
functions such as spawn(), spawnSync(), and execFileSync().

nodejs-github-bot pushed a commit that referenced this pull request

Jul 21, 2024
Prior pull request (#48726) hardened against prototype pollution
vulnerabilities but effectively missed some use-cases which
opened a window for prototype pollution for some child_process
functions such as spawn(), spawnSync(), and execFileSync().

PR-URL: #53781
Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>

targos pushed a commit that referenced this pull request

Jul 28, 2024

RafaelGSS pushed a commit that referenced this pull request

Aug 5, 2024

marco-ippolito pushed a commit that referenced this pull request

Aug 19, 2024