Vulnerability in the http2 module of Node.js

The developers of the server-side JavaScript platform Node.js have published corrective releases 12.22.4, 14.17.4 and 16.6.0, which partially fix a vulnerability (CVE-2021-22930) in the http2 module (the HTTP/2.0 client). The flaw makes it possible to crash the process or potentially execute code on the system when the client connects to a host controlled by an attacker.

The problem is caused by access to memory that has already been freed when a connection is closed after RST_STREAM (stream reset) frames are received for streams that are doing intensive reads that block writes. If an RST_STREAM frame is received without an error code, the http2 module additionally calls a cleanup procedure for data that has already been received. From that procedure the close handler is invoked again for a stream that is already closed, which results in a double free of the data structures.

The discussion of the patch notes that the problem is not fully resolved and, with slight modifications, still manifests in the newly published releases. Analysis showed that the fix covers only one special case, when the stream is in reading mode, and does not account for other stream states (reading and paused, paused, and some kinds of writing).
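The re-entrant close described above, and why a guard tied to a single stream state leaves the other states exposed, can be shown with a small model. This is an added example, not Node.js source: every name in it is hypothetical, the stream states are reduced to two, and releases are only counted rather than freed.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the flaw described above; not Node.js source.
 * All names are hypothetical. Releases are counted, never freed. */
enum state { ST_READING, ST_READ_PAUSED };                 /* subset of states */
enum guard { GUARD_NONE, GUARD_READING_ONLY, GUARD_IDEMPOTENT };

typedef struct {
    enum state st;
    bool closed;     /* close handler has already run */
    int releases;    /* stand-in for free() of the stream's structures */
} stream_t;

static void on_close(stream_t *s, enum guard g) {
    /* Partial guard: re-entry is detected in one state only. */
    if (g == GUARD_READING_ONLY && s->closed && s->st == ST_READING) return;
    /* Full guard: closing is idempotent regardless of state. */
    if (g == GUARD_IDEMPOTENT && s->closed) return;
    s->closed = true;
    s->releases++;
}

/* Cleanup of already-received data; finishing it fires the close handler. */
static void flush_received(stream_t *s, enum guard g) {
    on_close(s, g);
}

/* RST_STREAM handling: code 0 means no error was indicated. */
static void on_rst_stream(stream_t *s, unsigned code, enum guard g) {
    on_close(s, g);
    if (code == 0)
        flush_received(s, g);   /* extra path taken only for code 0 */
}

/* Returns how many times the stream's structures were released. */
int releases_after_rst(enum state st, unsigned code, enum guard g) {
    stream_t s = { st, false, 0 };
    on_rst_stream(&s, code, g);
    return s.releases;
}

int main(void) {
    printf("no guard, reading:   %d\n", releases_after_rst(ST_READING, 0, GUARD_NONE));
    printf("partial, paused:     %d\n", releases_after_rst(ST_READ_PAUSED, 0, GUARD_READING_ONLY));
    printf("idempotent, paused:  %d\n", releases_after_rst(ST_READ_PAUSED, 0, GUARD_IDEMPOTENT));
    return 0;
}
```

A release count of 2 marks the double free; only the state-independent guard keeps it at 1 for every state.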

Source: opennet.ru
