Vulnerability in the pac-resolver NPM package, which has 3 million downloads per week

The pac-resolver NPM package, which has more than 3 million downloads per week, contains a vulnerability (CVE-2021-23406) that allows an attacker's JavaScript code to be executed in the context of the application when HTTP requests are sent from Node.js projects that support proxy server auto-configuration.

The pac-resolver package parses PAC files, which contain a proxy auto-configuration script. A PAC file is ordinary JavaScript code with a FindProxyForURL function that defines the logic for choosing a proxy depending on the host and the requested URL. The essence of the vulnerability is that, to execute this JavaScript code, pac-resolver used the VM API provided by Node.js, which allows JavaScript code to be executed in a separate context of the V8 engine.

The documentation explicitly marks this API as not intended for running untrusted code, because it does not fully isolate the code being run and allows access to the original context. The issue was fixed in pac-resolver 5.0.0, which was moved to the vm2 library; vm2 provides a higher level of isolation, suitable for running untrusted code.

When a vulnerable version of pac-resolver is in use, an attacker who delivers a specially crafted PAC file can get their JavaScript code executed in the context of the code of a Node.js project, if that project uses libraries that depend on pac-resolver. The most popular of the affected libraries is Proxy-Agent, which is listed as a dependency of 360 projects, including urllib, aws-cdk, mailgun.js and firebase-tools, with more than three million downloads per week in total.

If an application that depends on pac-resolver loads a PAC file supplied by a system that supports the WPAD proxy auto-configuration protocol, then attackers with access to the local network can use the distribution of proxy settings via DHCP to inject a malicious PAC file.
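
Because pac-resolver usually arrives as a transitive dependency (for example through Proxy-Agent), the practical check is to search the lockfile for every installed copy and compare it with 5.0.0, the fixed release named above. The following is an added example, not code from the article or from the pac-resolver project; it assumes npm's `package-lock.json` layout, and the function names and the sample lockfile are constructed for illustration.

```javascript
'use strict';

const TARGET = 'pac-resolver';

// True when `version` predates 5.0.0, the release the article names as fixed.
function isVulnerable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // unparsable version: flag for manual review
  const [major, minor, patch] = m.slice(1, 4).map(Number);
  if (major !== 5) return major < 5;
  // A 5.0.0 pre-release sorts before 5.0.0 in semver, so flag it too.
  return minor === 0 && patch === 0 && Boolean(m[4]);
}

// Return every installed copy of pac-resolver found in a parsed lockfile.
function findPacResolver(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() === TARGET) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (used when "packages" is absent).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = trail.concat(name);
      if (name === TARGET) hits.push({ path: here.join(' > '), version: meta.version });
      walk(meta.dependencies, here);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits.map((h) => ({ ...h, vulnerable: isVulnerable(h.version) }));
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/pac-resolver': { version: '5.0.0' },
    'node_modules/proxy-agent': { version: '4.0.1' },
    'node_modules/proxy-agent/node_modules/pac-resolver': { version: '4.2.0' },
  },
};

for (const hit of findPacResolver(SAMPLE_LOCK)) {
  console.log(`${hit.vulnerable ? 'VULNERABLE' : 'ok'}  ${hit.version}  ${hit.path}`);
}
```

For a real project, pass the parsed contents of `package-lock.json` to `findPacResolver` instead of the sample object.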

Source: opennet.ru