Vulnerabilities in NPM that allow arbitrary files to be modified during package installation

The 6.13.4 update of the NPM package manager, which ships with the Node.js distribution and is used to distribute JavaScript modules, fixes three vulnerabilities (CVE-2019-16775, CVE-2019-16776 and CVE-2019-16777) that allow arbitrary system files to be modified or overwritten when installing a package prepared by an attacker. As a workaround, packages can be installed with the "--ignore-scripts" option, which disables execution of the handler scripts embedded in packages. The NPM developers analyzed the packages in the repository and found no sign that the identified problems had been used in attacks.

  • CVE-2019-16777 affects releases before 6.13.4 and allows executable files that already exist on the system to be overwritten during a global package installation. Only files in the target directory where executables are installed (usually /usr/local/bin) can be replaced.
  • CVE-2019-16775 and CVE-2019-16776 affect releases before 6.13.3 and allow arbitrary files to be written, either by creating a symbolic link to files outside the directory that holds the modules (node_modules) or by manipulating the bin field in package.json (paths containing "/../" were accepted in the bin field).
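
A pre-install check for the two problem classes listed above, as an added example (not npm's own code or its fix): it flags `bin` entries in package.json whose link name or target resolves outside its directory, and names that would replace a command already present in the global bin directory. The function names, the `/pkg` root and the sample manifest are assumptions made for illustration.

```javascript
const path = require('path');

// True only when `rel`, resolved against `base`, lands strictly below `base`.
function staysInside(base, rel) {
  const root = path.posix.resolve(base);
  return path.posix.resolve(root, rel).startsWith(root + '/');
}

// package.json "bin" is either a string (command named after the package,
// scope stripped) or a { commandName: targetPath } map.
function binEntries(pkg) {
  if (!pkg.bin) return [];
  if (typeof pkg.bin === 'string') {
    return [[(pkg.name || '').split('/').pop(), pkg.bin]];
  }
  return Object.entries(pkg.bin);
}

// pkg: parsed package.json; binDir: directory that receives the links on a
// global install; existing: Set of command names already present in binDir.
function auditBin(pkg, binDir, existing) {
  const pkgRoot = '/pkg'; // hypothetical unpack location, used only to resolve paths
  const findings = [];
  for (const [name, target] of binEntries(pkg)) {
    if (typeof target !== 'string' || !staysInside(pkgRoot, target)) {
      findings.push(`target-escapes-package:${name}`);
    }
    if (!staysInside(binDir, name)) {
      findings.push(`name-escapes-bin-dir:${name}`);
    } else if (existing.has(name)) {
      findings.push(`overwrites-existing:${name}`);
    }
  }
  return findings;
}

// Constructed sample manifest, not taken from any real package.
const samplePkg = {
  name: '@example/tool',
  bin: {
    tool: './cli.js',
    node: './shim.js',
    '../../outside/link': './job.js',
    helper: '../../outside/file',
  },
};

console.log(auditBin(samplePkg, '/usr/local/bin', new Set(['node', 'npm'])));
```

An empty result means no `bin` entry leaves the package or the bin directory and none collides with an installed command; any finding is a reason to inspect the package before installing it globally.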

    Source: opennet.ru
