Nodejs/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-11-21 10:59:27 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity

doc: mention node:wasi in the Threat Model

Browse Source 
PR-URL: https://github.com/nodejs/node/pull/51211
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
This commit is contained in:
Rafael Gonzaga 2023-12-21 12:55:52 +00:00 committed by GitHub
parent ddb58bfd4e
commit a71210ba60
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
SECURITY.md
View File

@ -124,6 +124,8 @@ lead to a loss of confidentiality, integrity, or availability.
end being on the local machine or remote.
6. The file system when requiring a module.
See <https://nodejs.org/api/modules.html#all-together>.
7. The `node:wasi` module does not currently provide the comprehensive file
system security properties provided by some WASI runtimes.
Any unexpected behavior from the data manipulation from Node.js Internal
functions may be considered a vulnerability if they are exploitable via