Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nodejs/node.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/src/inspector_socket.cc
diff options
context:
space:
mode:
authorMatteo Collina <hello@matteocollina.com>2021-01-14 18:04:44 +0300
committerBeth Griggs <bgriggs@redhat.com>2021-02-23 13:50:56 +0300
commit10d9efe9650daa485a1996039c219e2273665d7f (patch)
treed221f6a024a7650b962780e4670803b774185af4 /src/inspector_socket.cc
parent954d911d98d3f6ed592f96e59189a0acd9ade0d0 (diff)
src: drop localhost6 as allowed host for inspector
CVE-ID: CVE-2021-22884 Refs: https://hackerone.com/bugs?report_id=1069487 PR-URL: https://github.com/nodejs-private/node-private/pull/244 Reviewed-By: Beth Griggs <bgriggs@redhat.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Mary Marchini <oss@mmarchini.me> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Michaƫl Zasso <targos@protonmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Diffstat (limited to 'src/inspector_socket.cc')
-rw-r--r--src/inspector_socket.cc3
1 files changed, 1 insertions, 2 deletions
diff --git a/src/inspector_socket.cc b/src/inspector_socket.cc
index 35306af3c66..9014bf3e3ff 100644
--- a/src/inspector_socket.cc
+++ b/src/inspector_socket.cc
@@ -580,8 +580,7 @@ class HttpHandler : public ProtocolHandler {
bool IsAllowedHost(const std::string& host_with_port) const {
std::string host = TrimPort(host_with_port);
return host.empty() || IsIPAddress(host)
- || node::StringEqualNoCase(host.data(), "localhost")
- || node::StringEqualNoCase(host.data(), "localhost6");
+ || node::StringEqualNoCase(host.data(), "localhost");
}
bool parsing_value_;
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-05 10:29:40 +0300