Ndị mmepe nke ikpo okwu Javascript n'akụkụ sava Node.js mmezi weputara 13.8.0, 12.15.0 na 10.19.0, nke na-edozi adịghị ike atọ:
- CVE-2019-15606 - Ijikwa mkpụrụedemede oghere nhọrọ (OWS) na-ezighi ezi na-eso uru dị na nkụnye eji isi mee HTTP;
- CVE-2019-15605 - ohere nke ibu agha HRS (HTTP Arịrịọ Smuggling, wedge n'ime ọdịnaya nke arịrịọ ndị ọzọ edoziri n'otu eri ahụ n'etiti frontend na azụ azụ) site na nnyefe nke isi ihe nfefe-encoding HTTP emebere nke ọma;
- CVE-2019-15604 bụ okuku sava TLS kpalitere site na nnyefe nke eriri na-ezighi ezi na asambodo.
Na mgbakwunye, na mwepụta ọhụrụ, arụla ọrụ iji melite nchekwa nke HTTP parser yana nlebawanye nke ihe HTTP siri ike. Mgbanwe ahụ nwere ike ịkpata nsogbu ndakọrịta na mmejuputa HTTP na-emebi nkọwapụta. Iji gbanyụọ ọnọdụ nkwenye siri ike, a na-enye ntọala HTTPParser na-enweghị nchebe yana nhọrọ ahịrị iwu "-enweghị nchebe-http-parser".
isi: opennet.ru