dev-python/js2py/files/js2py-0.74-CVE-2024-28397.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

# https://nvd.nist.gov/vuln/detail/CVE-2024-28397
# https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape/blob/main/patch.txt
# https://github.com/PiotrDabkowski/Js2Py/pull/323
# https://github.com/Marven11/Js2Py/commit/56e244eb

Author: Marven11 <110723864+Marven11@users.noreply.github.com>
Date: Fri, 1 Mar 2024 12:53:58 +0800

diff --git a/js2py/constructors/jsobject.py b/js2py/constructors/jsobject.py
index c4e0ada3..b1806ea6 100644
--- a/js2py/constructors/jsobject.py
+++ b/js2py/constructors/jsobject.py
@@ -49,7 +49,7 @@ def getOwnPropertyNames(obj):
             raise MakeError(
                 'TypeError',
                 'Object.getOwnPropertyDescriptor called on non-object')
-        return obj.own.keys()
+        return list(obj.own.keys())
 
     def create(obj):
         if not (obj.is_object() or obj.is_null()):