Make hidden _v8_function property read-only

XMLWordPrintableJSON

    • ALL
    • Hide

      db.eval('Mongo._v8_function = 0x31337; new Mongo();');

      Show
      db.eval('Mongo._v8_function = 0x31337; new Mongo();');
    • None
    • 3
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      The non-enumerated _v8_function property can be overwritten with a user-supplied value, which will cause the process to crash when v8Callback() tries to access the property as an External type.

      Should be trivial to fix by making the property read-only.

              Assignee:
              Ben Becker (Inactive)
              Reporter:
              Ben Becker (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: