7 vulnerabilities in the Plone content management system

Seven vulnerabilities (CVE identifiers not yet assigned) have been disclosed in Plone, the free content management system written in Python on top of the Zope application server. The problems affect every current release of Plone, including 5.2.1, which shipped only a few days ago. Fixes are planned for the upcoming releases Plone 4.3.20, 5.1.7 and 5.2.2; until those are published, users are advised to apply the hotfix.

Vulnerabilities identified (details have not yet been disclosed):

  • Privilege escalation through manipulation of the REST API (only exposed when plone.restapi is enabled);
  • SQL injection due to insufficient escaping of SQL statements built in DTML and in objects that connect to the DBMS (the problem is specific to Zope and also appears in other applications built on it);
  • Ability to overwrite content through manipulation of the PUT method without holding write permission;
  • Open redirect in the login form;
  • Ability to perform external redirects by bypassing the isURLInPortal check;
  • Password verification not being enforced in some cases;
  • Cross-site scripting (XSS) via code injected into the title field.
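As an added illustration, not code from Plone or from the advisory above, here is a same-origin redirect validator of the kind that a check such as isURLInPortal is meant to provide, placed beside a deliberately weak substring check so the usual bypass classes (protocol-relative URLs, backslashes, userinfo tricks, javascript: schemes, look-alike hosts, path traversal out of the portal) are concrete. The portal URL, the function names and the test inputs are constructed for this example; nothing here describes Plone's actual implementation or the undisclosed bypass.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample portal URL for this example (not a real deployment).
PORTAL_URL = "https://portal.example/plone"


def _origin(parts):
    """(scheme, lowercase host, effective port) for a split URL, or None
    if the port is unparseable (a crafted URL can make .port raise)."""
    try:
        port = parts.port
    except ValueError:
        return None
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return (parts.scheme, (parts.hostname or "").lower(), port)


def naive_is_url_in_portal(url, portal_url=PORTAL_URL):
    """Deliberately weak check (constructed here, not Plone's): a leading
    slash or a substring match is all it asks for, so "//evil.example/"
    and "https://evil.example/?next=<portal_url>" both pass."""
    return url.startswith("/") or portal_url in url


def is_url_in_portal(url, portal_url=PORTAL_URL):
    """Accept `url` only if it resolves to a page under the portal.

    The candidate is resolved against the portal URL so that relative
    paths are allowed; the result must then match the portal's scheme,
    host and port and sit under the portal's path prefix.
    """
    # Browsers treat backslashes like forward slashes, so "\\evil.example"
    # would otherwise look like a relative path and land on another host.
    url = url.replace("\\", "/")
    portal = urlsplit(portal_url)
    target = urlsplit(urljoin(portal_url, url))
    if target.scheme not in ("http", "https"):
        return False  # javascript:, data:, mailto: and similar
    origin = _origin(target)
    if origin is None or origin != _origin(portal):
        return False  # other host/port/scheme, or user@host trickery
    portal_path = portal.path.rstrip("/") + "/"
    # Trailing "/" on both sides stops "/plonefake" matching "/plone".
    return (target.path + "/").startswith(portal_path)


if __name__ == "__main__":
    for candidate in ["/plone/front-page", "//evil.example/phish",
                      "https://portal.example@evil.example/plone",
                      "javascript:alert(1)", "../etc"]:
        print(f"{candidate!r}: naive={naive_is_url_in_portal(candidate)} "
              f"strict={is_url_in_portal(candidate)}")
```

The strict check resolves first and compares origins second; checking the raw string, as the weak version does, is what lets protocol-relative and substring-padded URLs through.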

Source: opennet.ru