New releases of Node.js 13.8, 12.15 and 10.19 with vulnerabilities fixed

The developers of the server-side JavaScript platform Node.js have published corrective releases 13.8.0, 12.15.0 and 10.19.0, which fix three vulnerabilities:

  • CVE-2019-15606 - incorrect handling of optional whitespace (OWS) after the value in an HTTP header;
  • CVE-2019-15605 - the possibility of carrying out an HRS attack (HTTP Request Smuggling, which allows wedging into the contents of other requests processed in the same stream between the frontend and backend) by sending a specially crafted Transfer-Encoding HTTP header;
  • CVE-2019-15604 - a remotely triggered crash of a TLS server caused by sending an invalid string in a certificate.

In addition, the new releases include work to harden the HTTP parser and to separate the elements of HTTP requests more strictly. These changes may cause compatibility problems with HTTP implementations that violate the specification. To disable the strict checking mode, the insecureHTTPParser setting and the command-line option "--insecure-http-parser" are provided.
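As an added illustration (not Node.js code and not taken from the fixes), the JavaScript below applies strict RFC 7230 checks to the two header-handling areas named above: whitespace around header values and Transfer-Encoding framing. The function names and the sample header blocks are constructed for this example.

```javascript
// Added example: RFC 7230 header and framing checks; not Node.js parser code.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 7230 "token"

// Parse one header line; OWS (space/tab) around the value is stripped.
function parseHeaderLine(line) {
  const colon = line.indexOf(':');
  const name = colon > 0 ? line.slice(0, colon) : '';
  // A field name must be a token: no whitespace before the colon.
  if (!TOKEN.test(name)) return { error: 'invalid field name' };
  const value = line.slice(colon + 1).replace(/^[ \t]+|[ \t]+$/g, '');
  // Bare CR, LF or NUL inside a value is never legitimate.
  if (/[\r\n\0]/.test(value)) return { error: 'control character in value' };
  return { name: name.toLowerCase(), value };
}

// Return a list of findings for a CRLF-separated request header block.
function checkFraming(rawHeaders) {
  const findings = [];
  const te = [];
  const cl = [];
  for (const line of rawHeaders.split('\r\n')) {
    if (line === '') continue;
    const h = parseHeaderLine(line);
    if (h.error) { findings.push(h.error); continue; }
    if (h.name === 'transfer-encoding') te.push(...h.value.split(/[ \t]*,[ \t]*/));
    if (h.name === 'content-length') cl.push(h.value);
  }
  if (te.length && cl.length) findings.push('both Transfer-Encoding and Content-Length');
  if (cl.some((v) => !/^[0-9]+$/.test(v))) findings.push('non-numeric Content-Length');
  if (new Set(cl).size > 1) findings.push('conflicting Content-Length values');
  if (te.some((c) => !TOKEN.test(c))) findings.push('malformed transfer coding');
  // In a request, chunked must be the final coding and applied only once.
  const codings = te.map((c) => c.toLowerCase());
  if (te.length && codings.indexOf('chunked') !== codings.length - 1) {
    findings.push('chunked is not the single, final transfer coding');
  }
  return findings;
}

// Constructed sample header blocks (headers only, no bodies).
const SAMPLES = {
  clean: 'Host: example.test\r\nTransfer-Encoding: chunked \t\r\n',
  ambiguous: 'Host: example.test\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n',
  spacedName: 'Host: example.test\r\nTransfer-Encoding : chunked\r\n',
  notFinal: 'Host: example.test\r\nTransfer-Encoding: chunked, gzip\r\n',
};
for (const [label, raw] of Object.entries(SAMPLES)) {
  console.log(label, checkFraming(raw));
}
```

A request that produces any finding is one where two HTTP hops could disagree on where the message ends, so rejecting it at the first hop is the safe default.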

Source: opennet.ru
