mirror of
https://github.com/jc21/nginx-proxy-manager.git
synced 2024-08-30 18:22:48 +00:00
Mitigate CVE-2023-23596 by changing child_process.exec to child_process.execFile
This commit is contained in:
parent
fd30cfe98b
commit
7fe7e94fbd
@ -507,7 +507,7 @@ const internalAccessList = {
|
|||||||
if (typeof item.password !== 'undefined' && item.password.length) {
|
if (typeof item.password !== 'undefined' && item.password.length) {
|
||||||
logger.info('Adding: ' + item.username);
|
logger.info('Adding: ' + item.username);
|
||||||
|
|
||||||
utils.exec('/usr/bin/htpasswd -b "' + htpasswd_file + '" "' + item.username + '" "' + item.password + '"')
|
utils.execFile('/usr/bin/htpasswd',['-b', htpasswd_file, item.username, item.password])
|
||||||
.then((/*result*/) => {
|
.then((/*result*/) => {
|
||||||
next();
|
next();
|
||||||
})
|
})
|
||||||
|
@ -1,4 +1,5 @@
|
|||||||
const exec = require('child_process').exec;
|
const exec = require('child_process').exec;
|
||||||
|
const execFile = require('child_process').execFile;
|
||||||
|
|
||||||
module.exports = {
|
module.exports = {
|
||||||
|
|
||||||
@ -16,5 +17,21 @@ module.exports = {
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param {Array} cmd
|
||||||
|
* @returns {Promise}
|
||||||
|
*/
|
||||||
|
execFile: function (cmd) {
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
execFile(cmd, function (err, stdout, /*stderr*/) {
|
||||||
|
if (err && typeof err === 'object') {
|
||||||
|
reject(err);
|
||||||
|
} else {
|
||||||
|
resolve(stdout.trim());
|
||||||
|
}
|
||||||
|
});
|
||||||
|
});
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user