Vulnerabilities in VS Code, Grafana, GNU Emacs and Apache Fineract

Several recently identified vulnerabilities:

  • A critical vulnerability (CVE-2022-41034) has been identified in the Visual Studio Code (VS Code) editor that allows code execution when a user opens a link prepared by an attacker. The code can be executed both on the computer running VS Code and on any other computers connected to VS Code through the "Remote Development" feature. The issue poses the greatest danger to users of the web version of VS Code and of web editors based on it, including GitHub Codespaces and github.dev.

    The vulnerability is caused by the ability to process "command:" service links that open a window with a terminal and execute arbitrary shell commands in it, when the editor processes specially crafted documents in Jupyter Notebook format downloaded from a server controlled by the attacker (external files with the ".ipynb" extension are opened without additional confirmation in "isTrusted" mode, which allows "command:" links to be processed).

  • A vulnerability (CVE-2022-45939) has been identified in the GNU Emacs text editor that allows commands to be executed when opening a file with code, through the substitution of special characters in a name processed using the ctags toolkit.
  • A vulnerability (CVE-2022-31097) has been identified in the open-source Grafana platform that allows JavaScript code to be executed when a notification is displayed through the Grafana Alerting system. An attacker with Editor rights can prepare a specially crafted link and gain access to the Grafana interface with administrator rights if an administrator clicks on this link. The vulnerability has been addressed in Grafana releases 9.2.7, 9.3.0, 9.0.3, 8.5.9, 8.4.10 and 8.3.10.
  • A vulnerability (CVE-2022-46146) in the exporter-toolkit library used for creating Prometheus metrics exporters. The issue allows basic authentication to be bypassed.
  • A vulnerability (CVE-2022-44635) in Apache Fineract, a platform for building financial services, that allows an unauthenticated user to achieve remote code execution. The issue is caused by the lack of proper escaping of ".." characters in paths processed by the file upload component. The vulnerability was fixed in the Apache Fineract 1.7.1 and 1.8.1 releases.
  • A vulnerability (CVE-2022-46366) in the Apache Tapestry Java framework that allows code to be executed when specially crafted data is deserialized. The issue appears only in the old Apache Tapestry 3.x branch, which is no longer supported.
  • Vulnerabilities in the Apache Airflow providers for Hive (CVE-2022-41131), Pinot (CVE-2022-38649), Pig (CVE-2022-40189) and Spark (CVE-2022-40954), leading to remote code execution through the loading of arbitrary files or command substitution in the context of task execution, without having write access to DAG files.

Source: opennet.ru