Mupuratifomu yakavhurika yekuronga e-commerce Magento, iyo inogara inosvika gumi muzana yemusika wemasisitimu ekugadzira zvitoro zvepamhepo, njodzi yakakosha yakaonekwa (CVE-10-2022), iyo inobvumira kodhi kuti iitwe paserver ne. kutumira imwe chikumbiro pasina huchokwadi. Kusagadzikana kwakapihwa chiyero chekuomarara che24086 kubva pagumi.
Dambudziko rinokonzereswa nekusimbisa kusirizvo kwemaparamita anogamuchirwa kubva kumushandisi mune yekurongeka yekubata mubato. Zvakawanda zvekushandiswa kwekusagadzikana hazvisati zvaburitswa; gadziriso yacho inodzika kusvika pakubvisa mavara arimubvunzo paramita uchishandisa chirevo chenguva dzose "/{{.*?}}/".
Kusagadzikana kunoonekwa mukuburitswa 2.3.3-p1 kusvika 2.3.7-p2 uye 2.4.0 kuburikidza 2.4.3-p1, kusanganisira. Iyo gadziriso inowanikwa muchimiro chechigamba (kuburitswa kutsva nekugadzirisa hakusati kwagadzirwa). Vashandisi veMagento vanokurudzirwa kuti vaise chigamba nekuchimbidza, sezvo nyaya dzega dzega dzekushandisa kusagadzikana kuri mubvunzo kutanga kurwiswa pazvitoro zvepamhepo zvakatonyorwa paInternet.
Source: opennet.ru