top | item 27991074

(no title)

CryoLogic | 4 years ago

If a NodeJS application accepts a value from the client application, but validates against an early call (e.g. min 25 mins from now) the Infinity value can bypass that validation.

Because it's a relatively unknown side effect, most validations probably wouldn't check for Infinity.

Plus although Infinity pops off the timer at 0 seconds, a validation based on millisecond math would fail because Infinity > 25 minutes in milliseconds.

discuss

No comments yet.