diff options
| author | Matteo Collina <hello@matteocollina.com> | 2021-01-14 18:04:44 +0300 |
|---|---|---|
| committer | Beth Griggs <bgriggs@redhat.com> | 2021-02-18 14:41:17 +0300 |
| commit | 43ae9c46c35a935723a9109828c87380d781e147 (patch) | |
| tree | 8c50d797298d251bfdc41eb8c6bacff05f249428 /src | |
| parent | 9fc96f4029d391505d11addf2a7b09167d884ce0 (diff) | |
src: drop localhost6 as allowed host for inspector
CVE-ID: CVE-2021-22884
Refs: https://hackerone.com/bugs?report_id=1069487
PR-URL: https://github.com/nodejs-private/node-private/pull/244
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Michaƫl Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/inspector_socket.cc | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/inspector_socket.cc b/src/inspector_socket.cc index 35306af3c66..9014bf3e3ff 100644 --- a/src/inspector_socket.cc +++ b/src/inspector_socket.cc @@ -580,8 +580,7 @@ class HttpHandler : public ProtocolHandler { bool IsAllowedHost(const std::string& host_with_port) const { std::string host = TrimPort(host_with_port); return host.empty() || IsIPAddress(host) - || node::StringEqualNoCase(host.data(), "localhost") - || node::StringEqualNoCase(host.data(), "localhost6"); + || node::StringEqualNoCase(host.data(), "localhost"); } bool parsing_value_; |