Commit 31ee293

Universal: Patch for 'follow-redirect' - CVE-2022-0155 & CVE-2022-0536 (#270)
1 parent 08995a5 commit 31ee293

1 file changed

+5
-0
lines changed
  • src/universal/.devcontainer/local-features/setup-user

src/universal/.devcontainer/local-features/setup-user/install.sh

Lines changed: 5 additions & 0 deletions
@@ -49,6 +49,11 @@ NPM_PACKAGES_LIST="decode-uri-component
4949
cd /usr/local/share/nvm/versions/node/v14*/lib/node_modules/npm
5050
npm install ${NPM_PACKAGES_LIST}
5151

52+
# Temporary: Due to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0536 & https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0155
53+
rm -rf /usr/local/nvs/deps/node_modules/follow-redirects/*
54+
curl -sSL https://github.com/follow-redirects/follow-redirects/archive/refs/tags/v1.15.2.tar.gz | tar -xzC /tmp 2>&1
55+
mv /tmp/follow-redirects-1.15.2/* /usr/local/nvs/deps/node_modules/follow-redirects/
56+
5257
# Enables the oryx tool to generate manifest-dir which is needed for running the postcreate tool
5358
DEBIAN_FLAVOR="focal-scm"
5459
mkdir -p /opt/oryx && echo "vso-focal" > /opt/oryx/.imagetype
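
Review bot: the download on new line 54 is piped straight from `curl -sSL` into `tar` with no integrity check, and it runs after the `rm -rf` on line 53, so a failed or altered download leaves `/usr/local/nvs/deps/node_modules/follow-redirects/` either empty or filled with unverified content. Suggest fetching the tarball to a file with `curl --fail`, comparing it against a SHA-256 pinned in this script, and only then removing and replacing the old directory, so that a bad download stops the build before anything is deleted. Nothing in the visible lines shows `set -e` or `pipefail`, so as written a curl failure would not by itself abort the step, and the `2>&1` on `tar` only merges its error text into stdout. Two smaller points: `mv /tmp/follow-redirects-1.15.2/*` leaves the extracted directory (and any dotfiles in it) behind in `/tmp`, so add an `rm -rf` for it; and the "Temporary" comment should state the condition for removing the workaround, for example the nvs release that bundles a fixed follow-redirects, and the step should check afterwards that the `version` in the installed `package.json` is 1.15.2.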
