Skip to content

[CVE-2017-16088] Sandbox Breakout (Critical Security Fix) - context clear#13

Merged
hacksparrow merged 12 commits into
hacksparrow:masterfrom
kaue:patch-2
Dec 14, 2018
Merged

[CVE-2017-16088] Sandbox Breakout (Critical Security Fix) - context clear#13
hacksparrow merged 12 commits into
hacksparrow:masterfrom
kaue:patch-2

Conversation

@kaue

@kaue kaue commented Nov 15, 2018

Copy link
Copy Markdown
Contributor

No description provided.

@kaue kaue changed the title Validate for Function in the context [CVE-2017-16088] Sandbox Breakout (Critical Security Fix) - context clear Nov 16, 2018
@kaue kaue mentioned this pull request Nov 16, 2018
Open
@kaue

kaue commented Nov 20, 2018

Copy link
Copy Markdown
Contributor Author

LGTM @hacksparrow

@kaue

kaue commented Nov 20, 2018

Copy link
Copy Markdown
Contributor Author

I think i fixed most of the issues reported by @cpcallen at v0.4.2
@cpcallen if you can find another way to break the vm context please share, thanks for the detailed report.

@hacksparrow

hacksparrow commented Dec 2, 2018

Copy link
Copy Markdown
Owner

@kauegimenes we can land this, please squash the commits messages into a single descriptive one.

kaue added 2 commits December 2, 2018 13:57
@kaue
CVE-2017-16088 make sure context is clear
e34bc16 
should not have access to Node.js objects
lint
0.4.2
should not have access to Node.js objects using Object.getPrototypeOf (CWE-265)
should not have access to Node.js objects using Object.getPrototypeOf with context (CWE-265)
should check prototype also
lint
lint
stop using template string for clearContext function
@kaue
squash
9d083c2
@kaue

kaue commented Dec 2, 2018

Copy link
Copy Markdown
Contributor Author

@hacksparrow LGTM

@kaue

kaue commented Dec 5, 2018

Copy link
Copy Markdown
Contributor Author

@hacksparrow can you merge this?

@kaue

kaue commented Dec 12, 2018

Copy link
Copy Markdown
Contributor Author

start maintaining your packages @hacksparrow, another week without a reply from you

@hacksparrow hacksparrow merged commit 5e60f4a into hacksparrow:master Dec 14, 2018
hacksparrow added a commit that referenced this pull request Dec 14, 2018
@hacksparrow
Revert "[CVE-2017-16088] Sandbox Breakout (Critical Security Fix) - c…
a99c69d 
…ontext clear (#13)"

This reverts commit 5e60f4a.
hacksparrow added a commit that referenced this pull request Dec 14, 2018
@hacksparrow
Revert "[CVE-2017-16088] Sandbox Breakout (Critical Security Fix) - c…
23319e3 
…ontext clear (#13)" (#14)

This reverts commit 5e60f4a.
@kaue

kaue commented Dec 15, 2018
edited
Loading

Copy link
Copy Markdown
Contributor Author

test fails because

fatal: Couldn't find remote ref refs/pull/14/merge
The command "eval git fetch origin +refs/pull/14/merge: " failed. Retrying, 2 of 3.

this is not related to the PR code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kaue @hacksparrow