projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ca2e12b) | patch
package/jszip: fix CVE-2021-23413
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 9 Aug 2021 10:00:37 +0000 (12:00 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Thu, 12 Aug 2021 21:54:48 +0000 (23:54 +0200)
commit921830e92d8bc79c444b9c03d9af4242226434e6
treeef9186b8213bf8aea83456f681ff53d4f7487797tree
parentca2e12b4fc5215c8e4f261ef9b0b2d5761f9472ccommit | diff
package/jszip: fix CVE-2021-23413

This affects the package jszip before 3.7.0. Crafting a new zip file
with filenames set to Object prototype values (e.g __proto__, toString,
etc) results in a returned object with a modified prototype instance.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/jszip/0001-fix-Use-a-null-prototype-object-for-this-files.patch [new file with mode: 0644] blob
package/jszip/jszip.mk diff | blob | history