Skip to content

Add vuln docker CVE-2020-7699#390

Open
jiexixijie wants to merge 8 commits into
vulhub:masterfrom
jiexixijie:CVE-2020-7699
Open

Add vuln docker CVE-2020-7699#390
jiexixijie wants to merge 8 commits into
vulhub:masterfrom
jiexixijie:CVE-2020-7699

Conversation

@jiexixijie

@jiexixijie jiexixijie commented Nov 9, 2022

Copy link
Copy Markdown

Signed-off-by: jiexixijie han942533279@gmail.com

NodeJS expresss-fileupload模块原型链污染漏洞(CVE-2022-7699)

@SurfRid3r
CVE-2020-7699
642684a 
Signed-off-by: jiexixijie <han942533279@gmail.com>
phith0n
phith0n requested changes Nov 17, 2022
View reviewed changes

@phith0n phith0n left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

感谢,提了一些参考意见。

Comment thread node/CVE-2020-7699/Dockerfile Outdated
Comment thread node/CVE-2020-7699/package.json Outdated
"description": "CVE-2020-7699",
"main": "app.js",
"scripts": {
"start": "cd www/ && node app.js",

@phith0n phith0n Nov 17, 2022

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

可以直接将WORKDIR设置成/usr/src/www,没必要在cd了。

@jiexixijie jiexixijie Nov 21, 2022
edited
Loading

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

此处没有修改,WORKDIR设置成/usr/src/www,我试了下npm加载的node模块也会下载该目录下,后续挂载www文件时会覆盖这些模块导致起不来。目前没想到好办法。

Comment thread node/CVE-2020-7699/README.md Outdated
Comment thread node/CVE-2020-7699/docker-compose.yml Outdated
@SurfRid3r
Add English README
7034400 
Signed-off-by: jiexixijie <han942533279@gmail.com>
@SurfRid3r
update README
502870c 
Signed-off-by: jiexixijie <han942533279@gmail.com>
@SurfRid3r
Update README
77cf4eb 
Signed-off-by: jiexixijie <han942533279@gmail.com>
@SurfRid3r
Add empty uploads dir
8c1f493 
Signed-off-by: jiexixijie <han942533279@gmail.com>
@SurfRid3r
Update Node version
efea328 
Signed-off-by: jiexixijie <han942533279@gmail.com>
@SurfRid3r
update package.json for node16
bd1ee1b 
Signed-off-by: jiexixijie <han942533279@gmail.com>
@SurfRid3r
Update README
7817ff9 
Signed-off-by: jiexixijie <han942533279@gmail.com>
@jiexixijie

jiexixijie commented Nov 21, 2022

Copy link
Copy Markdown
Author

感谢p牛指正,修改了上述的一些问题。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phith0n phith0n phith0n requested changes

+1 more reviewer

@earacicotjr-star earacicotjr-star earacicotjr-star approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jiexixijie @phith0n @earacicotjr-star @SurfRid3r