You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the threat model, loaded code is trusted. What I want to know is, if a vulnerability is requireing monkey-patching to bypass the permission model, is it still recognized as a valid vulnerability? The response will direct my security research, thank you.
The text was updated successfully, but these errors were encountered:
Most of the time, yes. If you find a way to use the official require('fs') module to bypass the capabilities imposed by the permission model, it is likely to be accepted. Important to note it should not be recognized as known limitation in https://nodejs.org/api/permissions.html#limitations-and-known-issues
According to the threat model, loaded code is trusted. What I want to know is, if a vulnerability is requireing monkey-patching to bypass the permission model, is it still recognized as a valid vulnerability? The response will direct my security research, thank you.
The text was updated successfully, but these errors were encountered: