Vagadziri ve server-side JavaScript platform Node.js kururamisa kunoburitsa 13.8.0, 12.15.0 uye 10.19.0, izvo zvinogadzirisa kusasimba kutatu:
- CVE-2019-15606 - Kubata kusiri iko kwesarudzo nzvimbo mavara (OWS) zvichitevera kukosha muHTTP musoro;
- CVE-2019-15605 - mukana wekuita kurwisa kweHRS (HTTP Chikumbiro Kubiridzira, wedge muzviri mukati mezvimwe zvikumbiro zvakagadziriswa mushinda imwechete pakati pemberi uye backend) kuburikidza nekufambiswa kweiyo yakanyatso dhizainirwa Shandura-Encoding HTTP musoro;
- CVE-2019-15604 ndeyekure yakakonzeresa TLS server kuparara kuburikidza nekufambiswa kwetambo isiriyo muchitupa.
Uye zvakare, mukuburitswa kutsva, basa rakaitwa kuvandudza kuchengetedzeka kweHTTP parser uye zvakanyanya kuomarara parsing yezvinhu zvekukumbira zveHTTP. Shanduko iyi inogona kukonzera nyaya dzekuenderana neHTTP mashandisirwo ayo anotyora zvakatemwa. Kudzima iyo yakasimba yekusimbisa modhi, iyo insecureHTTPParser kuseta uye yekuraira mutsara sarudzo "-insecure-http-parser" inopihwa.
Source: opennet.ru