Add vuln docker CVE-2020-7699 #390

jiexixijie · 2022-11-09T15:07:38Z

Signed-off-by: jiexixijie [email protected]

NodeJS expresss-fileupload模块原型链污染漏洞（CVE-2022-7699）

Signed-off-by: jiexixijie <[email protected]>

phith0n

感谢，提了一些参考意见。

node/CVE-2020-7699/Dockerfile

phith0n · 2022-11-17T15:33:43Z

node/CVE-2020-7699/package.json

+ "description": "CVE-2020-7699",
+ "main": "app.js",
+ "scripts": {
+ "start": "cd www/ && node app.js",


可以直接将WORKDIR设置成/usr/src/www，没必要在cd了。

此处没有修改，WORKDIR设置成/usr/src/www，我试了下npm加载的node模块也会下载该目录下，后续挂载www文件时会覆盖这些模块导致起不来。目前没想到好办法。

node/CVE-2020-7699/README.md

node/CVE-2020-7699/docker-compose.yml

Signed-off-by: jiexixijie <[email protected]>

jiexixijie · 2022-11-21T17:46:03Z

感谢p牛指正，修改了上述的一些问题。

CVE-2020-7699

642684a

Signed-off-by: jiexixijie <[email protected]>

jiexixijie force-pushed the CVE-2020-7699 branch from a48d876 to 642684a Compare November 9, 2022 15:21

phith0n requested changes Nov 17, 2022

View reviewed changes

SurfRid3r added 2 commits November 21, 2022 00:47

Add English README

7034400

Signed-off-by: jiexixijie <[email protected]>

update README

502870c

Signed-off-by: jiexixijie <[email protected]>

jiexixijie force-pushed the CVE-2020-7699 branch from 1f4fc39 to 502870c Compare November 20, 2022 17:02

SurfRid3r added 5 commits November 22, 2022 01:15

Update README

77cf4eb

Signed-off-by: jiexixijie <[email protected]>

Add empty uploads dir

8c1f493

Signed-off-by: jiexixijie <[email protected]>

Update Node version

efea328

Signed-off-by: jiexixijie <[email protected]>

update package.json for node16

bd1ee1b

Signed-off-by: jiexixijie <[email protected]>

Update README

7817ff9

Signed-off-by: jiexixijie <[email protected]>

Provide feedback