Vulnerability in the Node.js http2 module

The developers of the server-side JavaScript platform Node.js have published corrective releases 12.22.4, 14.17.4 and 16.6.0, which partially fix a vulnerability (CVE-2021-22930) in the http2 module (HTTP/2.0 client). The vulnerability makes it possible to crash the process or potentially to achieve code execution on the system when the client accesses a host controlled by an attacker.

The problem is caused by access to memory that has already been freed when a connection is closed after receiving RST_STREAM (stream reset) frames for streams that are performing read operations that block writes. If an RST_STREAM frame is received without an error specified, the http2 module additionally calls the procedure that cleans up data already received, from which the close handler is called again for a stream that is already closed, leading to a double free of data structures.

The discussion of the patch indicates that the problem has not been fully eliminated and that, under slightly modified conditions, it continues to appear in the published updates. Analysis showed that the fix covers only one of the special cases, when the stream is in read mode, and does not take the other stream states into account (reading and paused, paused, and some kinds of writing).
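
A simplified C model of the re-entrant close described above, and of why a guard tied to a single stream state leaves the other states exposed. This is an added example, not Node.js source: the state names, guard modes and function names are assumptions made for illustration, and a release counter stands in for the real double free.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Simplified model (assumption): not Node.js source. States follow the
 * article's wording: reading, reading and paused, paused, writing. */
enum state { READING, READING_PAUSED, PAUSED, WRITING };
enum guard { GUARD_NONE, GUARD_READING_ONLY, GUARD_IDEMPOTENT };

struct stream {
    enum state st;
    bool closed;
    int releases;   /* teardown runs; a value above 1 models a double free */
    char *buf;
};

static void close_stream(struct stream *s, enum guard g)
{
    /* Partial fix: suppresses the repeated close in one state only. */
    if (g == GUARD_READING_ONLY && s->st == READING && s->closed) return;
    /* State-independent fix: closing an already closed stream is a no-op. */
    if (g == GUARD_IDEMPOTENT && s->closed) return;
    s->closed = true;
    s->releases++;
    free(s->buf);   /* safe in this model: the pointer is cleared below */
    s->buf = NULL;
}

/* Cleaning up already received data re-enters the close handler. */
static void flush_received(struct stream *s, enum guard g) { close_stream(s, g); }

/* RST_STREAM handling: close, and when no error is given, also flush. */
static void on_rst_stream(struct stream *s, unsigned error_code, enum guard g)
{
    close_stream(s, g);
    if (error_code == 0) flush_received(s, g);
}

/* Number of teardown runs for one stream reset in the given state. */
int teardown_runs(enum state st, unsigned error_code, enum guard g)
{
    struct stream s = { st, false, 0, malloc(16) };
    on_rst_stream(&s, error_code, g);
    return s.releases;
}
```

Calling `teardown_runs` for each state with each guard mode shows which combinations still run teardown twice; only the state-independent guard returns 1 everywhere.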

Source: opennet.ru
