Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.4.0-rc1
Affects Version/s: 2.4.0-rc0
Component/s: JavaScript
Labels:
- javascript
- security

Operating System:
ALL
Steps To Reproduce:

Hide

db.eval('Mongo._v8_function = 0x31337; new Mongo();');

Show
db.eval('Mongo._v8_function = 0x31337; new Mongo();');

The non-enumerated _v8_function property can be overwritten with a user-supplied value, which will cause the process to crash when v8Callback() tries to access the property as an External type.

Should be trivial to fix by making the property read-only.

Assignee:: Ben Becker

Reporter:: Ben Becker

Participants:: auto, Ben Becker

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: Feb 20 2013 06:51:24 PM UTC

Updated:: Jul 11 2016 05:56:10 PM UTC

Resolved:: Feb 20 2013 08:38:25 PM UTC

Details

Description

Attachments

Activity

People

Dates