Vulnerabilities in NPM that allow arbitrary files to be modified during package installation
The NPM 6.13.4 update (NPM is the package manager bundled with Node.js and used to distribute JavaScript modules) fixes three vulnerabilities (, and ) that allow arbitrary system files to be modified or overwritten when a maliciously crafted package is installed. The best approach is to install with the "--ignore-scripts" option, which prevents the handler scripts built into packages from running. The NPM developers examined the packages in the repository and found no evidence that the identified vulnerabilities had been used in attacks.
CVE-2019-16777: in releases before 6.13.4, it allows system executables to be overwritten when a package is installed globally. Only files in the directory where executables are installed (usually /usr/local/bin) can be overwritten.
and appear in releases before 6.13.3 and allow an arbitrary file write, either by creating a symbolic link to files outside the modules directory (node_modules) or by manipulating the bin field in package.json (paths containing "/../" were accepted in the bin field).
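The bin-field case described above can be checked before installation by inspecting a package's package.json. The following is an added example, not code from npm or from the original page; the function names and the sample manifest are constructed for illustration, and the check is purely lexical.

```javascript
// Added example (not npm's code): lexical audit of a package.json "bin" field.

// True if relative path `p` is absolute or climbs above its base directory.
function escapesBase(p) {
  const s = String(p).replace(/\\/g, '/');
  if (s.startsWith('/') || /^[A-Za-z]:/.test(s)) return true; // absolute path
  let depth = 0;
  for (const seg of s.split('/')) {
    if (seg === '' || seg === '.') continue;
    depth += seg === '..' ? -1 : 1;
    if (depth < 0) return true; // walked out of the base directory
  }
  return depth === 0; // resolves to the base directory itself, not a file
}

// Normalise "bin" to {command: target}; a string form uses the package name
// (without its @scope/) as the command name.
function binEntries(pkg) {
  if (typeof pkg.bin === 'string') {
    return { [String(pkg.name).replace(/^@[^/]+\//, '')]: pkg.bin };
  }
  return pkg.bin && typeof pkg.bin === 'object' ? pkg.bin : {};
}

// Return one finding per bin entry that could place or point a link outside
// the directory it belongs in.
function auditBin(pkg) {
  const findings = [];
  for (const [command, target] of Object.entries(binEntries(pkg))) {
    if (/[\\/]/.test(command) || command === '..' || command === '.') {
      findings.push({ command, target, reason: 'command name is not a plain file name' });
    } else if (typeof target !== 'string' || escapesBase(target)) {
      findings.push({ command, target, reason: 'target leaves the package directory' });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real package).
const samplePkg = {
  name: 'constructed-example',
  bin: {
    'ok-cmd': './cli.js',
    '../../outside-cmd': './cli.js',
    'traversal-target': 'lib/../../../other/file',
    'absolute-target': '/tmp/constructed-absolute',
  },
};
console.log(auditBin(samplePkg));
```

This check reads only the manifest text, so it does not cover the symbolic-link variant, which requires inspecting the entries of the package archive itself.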