Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[vulnerability][demo][acl][Web Worker] Global ACLs are not applied in web workers #234

Closed
t2ym opened this issue Mar 29, 2018 · 0 comments
Closed

[vulnerability][demo][acl][Web Worker] Global ACLs are not applied in web workers #234

t2ym opened this issue Mar 29, 2018 · 0 comments
Labels
vulnerability

Comments

@t2ym
Copy link
Owner

t2ym commented Mar 29, 2018

[vulnerability][demo][acl][Web Worker] Global ACLs are not applied in web workers

Root Cause

self global object, which is a property of WorkerGlobalScope.prototype === self.__proto__.__proto__, is not properly registered in _globalObjects for ACL

Mitigation

Restrict access to Worker() and SharedWorker() constructors in the window context
t2ym added a commit that referenced this issue Mar 29, 2018
@t2ym
[README][vulnerability fix][demo][acl] Fix #234. Properly register gl…
f0ceb39 
…obal properties of prototype chains to _globalObjects
@t2ym t2ym closed this as completed in f5c3a44 Mar 29, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
vulnerability
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@t2ym