[SERVER-8634] Make hidden _v8_function property read-only - MongoDB Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 2.4.0-rc0
Fix Version/s: 2.4.0-rc1
Component/s: JavaScript
Labels:
- javascript
- security

Operating System:
ALL
Steps To Reproduce:

Hide

db.eval('Mongo._v8_function = 0x31337; new Mongo();');

Show
db.eval('Mongo._v8_function = 0x31337; new Mongo();');

Description

The non-enumerated _v8_function property can be overwritten with a user-supplied value, which will cause the process to crash when v8Callback() tries to access the property as an External type.

Should be trivial to fix by making the property read-only.

Attachments

Activity

People

Assignee:: Ben Becker

Reporter:: Ben Becker

Participants:: auto, Ben Becker

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: Feb 20 2013 06:51:24 PM UTC

Updated:: Jul 11 2016 05:56:10 PM UTC

Resolved:: Feb 20 2013 08:38:25 PM UTC