In the http server
(CVE-2019-16278), which allows an attacker to execute code remotely on the server by sending a specially crafted HTTP request. The issue will be fixed in release
The vulnerability is caused by an error in the http_verify function, which lets through access to file system contents outside the site's root directory when the sequence ".%0d./" is passed in the path. It arises because the check for the "../" characters is performed before the path normalization function runs, and that function removes newline characters (%0d) from the string.
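The ordering problem described above, as an added example that is not the server's own code: a simplified model in which the same traversal check is run before and after the step that strips %0d. All function names and the sample path are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample path using the ".%0d./" sequence quoted in the text. */
const char *const SAMPLE_PATH = "/.%0d./.%0d./outside.txt";

/* Percent-decode src into dst; dst needs strlen(src) + 1 bytes. */
static void url_decode(const char *src, char *dst) {
    while (*src) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1]) &&
            isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            *dst++ = (char)strtol(hex, NULL, 16);
            src += 3;
        } else *dst++ = *src++;
    }
    *dst = '\0';
}
/* Normalization step: remove CR and LF bytes in place. */
static void strip_crlf(char *s) {
    char *w = s;
    for (; *s; s++)
        if (*s != '\r' && *s != '\n') *w++ = *s;
    *w = '\0';
}
/* True if any '/'-separated segment of p is exactly "..". */
static bool has_dotdot_segment(const char *p) {
    for (size_t n; *p; p += n + (p[n] == '/')) {
        n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.') return true;
    }
    return false;
}

/* Flawed order: the check sees ".\r./", which becomes "../" only afterwards. */
bool accept_check_first(const char *raw, char *out) {
    url_decode(raw, out);
    if (has_dotdot_segment(out)) return false;
    strip_crlf(out);
    return true;
}
/* Corrected order: validate the string in the exact form that will be used. */
bool accept_normalize_first(const char *raw, char *out) {
    url_decode(raw, out);
    strip_crlf(out);
    return !has_dotdot_segment(out);
}
```

With the flawed order the sample path is accepted and leaves the function as "/../../outside.txt"; with the corrected order it is rejected.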
For
source: budenet.ru