
github.com/nodejs/node.git
author: Tobias Nießen <tniessen@tnie.de> 2022-09-25 15:34:05 +0300
committer: Beth Griggs <bethanyngriggs@gmail.com> 2022-11-02 01:56:04 +0300
commit: 9ffddd7098751cf888c611edac654607d7548c6d
tree: d3ecb564be1159f479ddaab392b912d70adecc15 /glossary.md
parent: 7051ba4501883955daa6bf8e442fef0c32aa5ea3
inspector: harden IP address validation again

Use inet_pton() to parse IP addresses, which restricts IP addresses to a small number of well-defined formats. In particular, octal and hexadecimal number formats are not allowed, and neither are leading zeros. Also explicitly reject 0.0.0.0/8 and ::/128 as non-routable.

Refs: https://hackerone.com/reports/1710652
CVE-ID: CVE-2022-43548
PR-URL: https://github.com/nodejs-private/node-private/pull/354
Reviewed-by: Michael Dawson <midawson@redhat.com>
Reviewed-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-by: Rich Trott <rtrott@gmail.com>

Diffstat (limited to 'glossary.md')
0 files changed, 0 insertions, 0 deletions
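
The validation the commit message describes, sketched in C as an added example (this is not the Node.js patch, whose diff is not shown on this page). The helper name check_ip_literal and the sample inputs are constructed for illustration, and the code assumes a POSIX inet_pton() that rejects leading zeros, as the commit message states.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Result of validating a host string as a literal IP address. */
enum ip_check { IP_INVALID = 0, IP_NONROUTABLE = 1, IP_OK = 2 };

/* Hypothetical helper (not from the Node.js source): strict parse with
 * inet_pton(), then reject 0.0.0.0/8 and ::/128 as the commit describes. */
enum ip_check check_ip_literal(const char *host) {
  unsigned char buf[sizeof(struct in6_addr)];

  /* inet_pton(AF_INET) accepts only four decimal octets "d.d.d.d":
   * no octal, no hex, no short forms such as "127.1". */
  if (inet_pton(AF_INET, host, buf) == 1) {
    /* 0.0.0.0/8: any address whose first octet is zero. */
    return buf[0] == 0 ? IP_NONROUTABLE : IP_OK;
  }
  if (inet_pton(AF_INET6, host, buf) == 1) {
    /* ::/128: the unspecified address, all 16 bytes zero. */
    static const unsigned char zero[16] = {0};
    return memcmp(buf, zero, sizeof(zero)) == 0 ? IP_NONROUTABLE : IP_OK;
  }
  return IP_INVALID;
}

int main(void) {
  /* Constructed sample inputs: canonical forms next to the alternative
   * spellings that looser parsers may resolve to the same address. */
  const char *samples[] = {
      "127.0.0.1", "0177.0.0.1", "0x7f.0.0.1", "127.1", "2130706433",
      "127.0.0.01", "0.0.0.0", "0.1.2.3", "::1", "::"};
  static const char *names[] = {"invalid", "non-routable", "ok"};

  for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    printf("%-12s %s\n", samples[i], names[check_ip_literal(samples[i])]);
  return 0;
}
```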