Mitigate CVE-2023-23596 by changing child_process.exec to child_process.execFile

2025-10-31 15:53:33 +00:00 · 2023-02-26 20:10:25 +01:00
parent fd30cfe98b
commit 7fe7e94fbd
2 changed files with 18 additions and 1 deletions
--- a/backend/lib/utils.js
+++ b/backend/lib/utils.js
@@ -1,4 +1,5 @@
 const exec = require('child_process').exec;
+const execFile = require('child_process').execFile;

 module.exports = {

@@ -16,5 +17,21 @@ module.exports = {
 				}
 			});
 		});
+	},
+
+	/**
+	 * @param   {Array} cmd
+	 * @returns {Promise}
+	 */
+	execFile: function (cmd) {
+		return new Promise((resolve, reject) => {
+			execFile(cmd, function (err, stdout, /*stderr*/) {
+				if (err && typeof err === 'object') {
+					reject(err);
+				} else {
+					resolve(stdout.trim());
+				}
+			});
+		});
 	}
 };