Nice writeup on Deno sandbox issues. Funny how most of it boils down to a very basic issue: they did security checks on the normalized file path, only to perform the actual operations with the original messy path (which was then interpreted differently). via npub1axy6vx592l625hdespykmu5qndjgprms2wxdrke49n2rqzpwrdfqcclves (npub1axy…lves)
https://secfault-security.com/blog/deno.html
Yellow Flag /
npub190…f5wdd
2024-04-23 18:08:27
Author Public Key
npub190z95jsfjmjuzvdrq2t27ucldpvvsvh46tcxl9elexhy9mp2qeps6f5wddPublished at
2024-04-23 18:08:27Event JSON
{
"id": "da57832f419908b5ec75fb7326060409972ddaf639ec20e59226132aea4d5bcd",
"pubkey": "2bc45a4a0996e5c131a30296af731f6858c832f5d2f06f973fc9ae42ec2a0643",
"created_at": 1713895707,
"kind": 1,
"tags": [
[
"p",
"e989a61a8557f4aa5db980496df2809b64808f70538cd1db352cd430082e1b52",
"wss://relay.mostr.pub"
],
[
"p",
"de6a1390edd2f9b096cebc2adcf697377eb3a18300fcef3e55cfc39b367a9be4",
"wss://relay.mostr.pub"
],
[
"proxy",
"https://infosec.exchange/users/WPalant/statuses/112321869088115314",
"activitypub"
]
],
"content": "Nice writeup on Deno sandbox issues. Funny how most of it boils down to a very basic issue: they did security checks on the normalized file path, only to perform the actual operations with the original messy path (which was then interpreted differently). via nostr:npub1axy6vx592l625hdespykmu5qndjgprms2wxdrke49n2rqzpwrdfqcclves \n\nhttps://secfault-security.com/blog/deno.html",
"sig": "e47441eb17cd694ae355105ab4c383e3622cfb67d26a3d3eedac16c3554f9dd865fb5cae0f5c2b25b28c8c315b1c92f720a53bc1e4426dc43b4ea3918c21ecbc"
}