ThatGuyJack/nginx-proxy-manager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2025-06-17 17:56:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Mitigate CVE-2023-23596 by changing child_process.exec to child_process.execFile

Browse Source
This commit is contained in:
Kamil Skrzypinski
2023-02-26 20:10:25 +01:00
parent fd30cfe98b
commit 7fe7e94fbd
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/internal/access-list.js
View File

@ -507,7 +507,7 @@ const internalAccessList = {
if (typeof item.password !== 'undefined' && item.password.length) {
logger.info('Adding: ' + item.username);
utils.exec('/usr/bin/htpasswd -b "' + htpasswd_file + '" "' + item.username + '" "' + item.password + '"')
utils.execFile('/usr/bin/htpasswd',['-b', htpasswd_file, item.username, item.password])
.then((/*result*/) => {
next();
})