author | Matteo Collina <hello@matteocollina.com> | 2021-01-14 16:04:44 +0100 |
---|---|---|
committer | Richard Lau <rlau@redhat.com> | 2021-02-22 17:12:37 +0000 |
commit | 1564752d553f582c8048ee45614f870ee2a446c9 (patch) | |
tree | 8afa4051e49361d16e6b59566ab38192ec421adf | |
parent | e69177a08846dfc4147bd0c6db0290206d6c4eaa (diff) | |
download | node-new-1564752d553f582c8048ee45614f870ee2a446c9.tar.gz |
src: drop localhost6 as allowed host for inspector
CVE-ID: CVE-2021-22884
Refs: https://hackerone.com/bugs?report_id=1069487
PR-URL: https://github.com/nodejs-private/node-private/pull/244
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
-rw-r--r-- | src/inspector_socket.cc | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/inspector_socket.cc b/src/inspector_socket.cc index a7019281af..25f3787155 100644 --- a/src/inspector_socket.cc +++ b/src/inspector_socket.cc @@ -584,8 +584,7 @@ class HttpHandler : public ProtocolHandler { bool IsAllowedHost(const std::string& host_with_port) const { std::string host = TrimPort(host_with_port); return host.empty() || IsIPAddress(host) - || node::StringEqualNoCase(host.data(), "localhost") - || node::StringEqualNoCase(host.data(), "localhost6"); + || node::StringEqualNoCase(host.data(), "localhost"); } bool parsing_value_; |
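
Review bot: IsAllowedHost is left without a comment saying why "localhost" is now the only hostname accepted, and the diffstat shows only src/inspector_socket.cc changed, so nothing in this commit tests that a Host header of "localhost6" is rejected. Suggest a short comment above the return statement recording why the name was dropped (the commit message cites CVE-2021-22884), so a later change does not re-add it or a similar alias. Suggest also a test that sends "localhost6" with and without a port, and in mixed case, since TrimPort runs first and the comparison is StringEqualNoCase. The same comment could state the intent of the two remaining branches, host.empty() and IsIPAddress(host), which this hunk leaves accepting the request.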