Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8634

Make hidden _v8_function property read-only

    XMLWordPrintable

Details

    • ALL
    • Hide

      db.eval('Mongo._v8_function = 0x31337; new Mongo();');

      Show
      db.eval('Mongo._v8_function = 0x31337; new Mongo();');

    Description

      The non-enumerated _v8_function property can be overwritten with a user-supplied value, which will cause the process to crash when v8Callback() tries to access the property as an External type.

      Should be trivial to fix by making the property read-only.

      Attachments

        Activity

          People

            benjamin.becker Ben Becker
            benjamin.becker Ben Becker
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: