On Friday, 6 September, 2013 at 4:25 PM, Andrew Kelley wrote:
in short, every post endpoint in which you use bodyParser is vulnerable to an attack which can fill up your hard drive with temp files.
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nod...@googlegroups.com
To unsubscribe from this group, send email to
nodejs+un...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups "nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+un...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
This is similar to "any application using var/log is vulnerable to run out of diskpace". This is why there is a Logrotate(8) http://linuxcommand.org/man_pages/logrotate8.html and tmpwatch http://linux.die.net/man/8/tmpwatch
in short, every post endpoint in which you use bodyParser is vulnerable to an attack which can fill up your hard drive with temp files.
--