From c13a5c03732b2cc608179117c7c39fc902d03453 Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Thu, 21 Dec 2023 12:55:52 +0000 Subject: [PATCH] doc: mention node:wasi in the Threat Model PR-URL: https://github.com/nodejs/node/pull/51211 Reviewed-By: Michael Dawson Reviewed-By: Marco Ippolito --- SECURITY.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 85c185df6006cb..f5b17eb626987d 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -124,6 +124,8 @@ lead to a loss of confidentiality, integrity, or availability. end being on the local machine or remote. 6. The file system when requiring a module. See . +7. The `node:wasi` module does not currently provide the comprehensive file + system security properties provided by some WASI runtimes. Any unexpected behavior from the data manipulation from Node.js Internal functions may be considered a vulnerability if they are exploitable via