Vulnerabilities in VS Code, Grafana, GNU Emacs and Apache Fineract

Several vulnerabilities have recently been identified:

  • A critical vulnerability (CVE-2022-41034) has been identified in Visual Studio Code (VS Code) that allows code execution when a user opens a link prepared by an attacker. The code can be executed both on the computer running VS Code and on any other computers connected to VS Code through the "Remote Development" feature. The issue poses the greatest threat to users of the web version of VS Code and of web editors based on it, including GitHub Codespaces and github.dev.

    The vulnerability is caused by the ability to process "command:" service links, which open a terminal window and execute arbitrary shell commands in it, when the editor processes a specially crafted document in Jupyter Notebook format downloaded from a web server controlled by the attacker (external files with the ".ipynb" extension are opened in "isTrusted" mode without additional confirmation, which allows "command:" links to be processed).

  • A vulnerability (CVE-2022-45939) has been identified in the GNU Emacs text editor that allows command execution when opening a file containing code, through the substitution of special characters in a name processed with the ctags toolkit.
  • A vulnerability (CVE-2022-31097) has been identified in the open-source data visualization platform Grafana that allows JavaScript code execution when a notification is displayed through Grafana Alerting. An attacker with Editor privileges can prepare a specially crafted link and gain access to the Grafana interface with administrator privileges if the administrator clicks that link. The vulnerability has been fixed in Grafana releases 9.2.7, 9.3.0, 9.0.3, 8.5.9, 8.4.10 and 8.3.10.
  • A vulnerability (CVE-2022-46146) has been identified in the Exporter Toolkit library, which is used to build metrics exporters for Prometheus. The issue allows authentication to be bypassed.
  • A vulnerability (CVE-2022-44635) has been identified in the Apache Fineract financial services platform that allows an unauthenticated user to achieve remote code execution. The issue is caused by insufficient escaping of "..." characters in paths processed by the file upload component. The vulnerability has been fixed in Apache Fineract releases 1.7.1 and 1.8.1.
  • A vulnerability (CVE-2022-46366) has been identified in the Apache Tapestry Java framework that allows code execution when specially crafted data is deserialized. The issue affects only the old Apache Tapestry 3.x branch, which is no longer supported.
  • Vulnerabilities in the Apache Airflow providers for Hive (CVE-2022-41131), Pinot (CVE-2022-38649), Pig (CVE-2022-40189) and Spark (CVE-2022-40954) lead to remote code execution through the loading of arbitrary files or command substitution in the context of task execution, without requiring write access to DAG files.

source: budenet.ru
