-
-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add vuln docker CVE-2020-7699 #390
base: master
Are you sure you want to change the base?
Conversation
Signed-off-by: jiexixijie <han942533279@gmail.com>
a48d876
to
642684a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
感谢,提了一些参考意见。
node/CVE-2020-7699/package.json
Outdated
"description": "CVE-2020-7699", | ||
"main": "app.js", | ||
"scripts": { | ||
"start": "cd www/ && node app.js", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
可以直接将WORKDIR设置成/usr/src/www,没必要在cd了。
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
此处没有修改,WORKDIR设置成/usr/src/www,我试了下npm加载的node模块也会下载该目录下,后续挂载www文件时会覆盖这些模块导致起不来。目前没想到好办法。
Signed-off-by: jiexixijie <han942533279@gmail.com>
Signed-off-by: jiexixijie <han942533279@gmail.com>
1f4fc39
to
502870c
Compare
Signed-off-by: jiexixijie <han942533279@gmail.com>
Signed-off-by: jiexixijie <han942533279@gmail.com>
Signed-off-by: jiexixijie <han942533279@gmail.com>
Signed-off-by: jiexixijie <han942533279@gmail.com>
Signed-off-by: jiexixijie <han942533279@gmail.com>
感谢p牛指正,修改了上述的一些问题。 |
Signed-off-by: jiexixijie han942533279@gmail.com
NodeJS expresss-fileupload模块原型链污染漏洞(CVE-2022-7699)