src: drop localhost6 as allowed host for inspector

CVE-ID: CVE-2021-22884 Refs: https://hackerone.com/bugs?report_id=1069487 PR-URL: nodejs-private/node-private#244 Reviewed-By: Beth Griggs <[email protected]> Reviewed-By: Daniel Bevenius <[email protected]> Reviewed-By: Mary Marchini <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Rich Trott <[email protected]>
nodejs · Feb 18, 2021 · 43ae9c4 · 43ae9c4
1 parent 9fc96f4
commit 43ae9c4
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/src/inspector_socket.cc b/src/inspector_socket.cc
@@ -580,8 +580,7 @@ class HttpHandler : public ProtocolHandler {
   bool IsAllowedHost(const std::string& host_with_port) const {
     std::string host = TrimPort(host_with_port);
     return host.empty() || IsIPAddress(host)
-           || node::StringEqualNoCase(host.data(), "localhost")
-           || node::StringEqualNoCase(host.data(), "localhost6");
+           || node::StringEqualNoCase(host.data(), "localhost");
   }
 
   bool parsing_value_;