github/cordova-android
github/cordova-android
3
0
Fork 1
mirror of https://github.com/apache/cordova-android.git synced 2025-02-24 18:12:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: Account for Node security patch (#1778)

Browse Source 
As of https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2#command-injection-via-args-parameter-of-child_processspawn-without-shell-option-enabled-on-windows-cve-2024-27980---high

Cordova produce unrecognized error on Windows.

Fixes: https://github.com/apache/cordova-cli/issues/456

---------

Co-authored-by: Norman Breau <norman@breautek.com>
This commit is contained in:
Andrii Kurdiumov 2025-02-18 16:53:18 +05:00 committed by GitHub
parent eb0f002112
commit 8f458b042b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/check_reqs.js
View File

@ -110,7 +110,9 @@ module.exports.get_gradle_wrapper = function () {
let program_dir; let program_dir;
// OK, This hack only works on Windows, not on Mac OS or Linux. We will be deleting this eventually! // OK, This hack only works on Windows, not on Mac OS or Linux. We will be deleting this eventually!
if (module.exports.isWindows()) { if (module.exports.isWindows()) {
const result = execa.sync(path.join(__dirname, 'getASPath.bat')); // "shell" option enabled for CVE-2024-27980 (Windows) Mitigation
// See https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2 for more details
const result = execa.sync(path.join(__dirname, 'getASPath.bat'), { shell: true });
// console.log('result.stdout =' + result.stdout.toString()); // console.log('result.stdout =' + result.stdout.toString());
// console.log('result.stderr =' + result.stderr.toString()); // console.log('result.stderr =' + result.stderr.toString());