Iyo pac-resolver NPM package, ine anopfuura mamirioni matatu ekudhawunirodha pasvondo, ine njodzi (CVE-3-2021) inobvumira JavaScript kodhi yayo kuti iitwe mumamiriro ekushandiswa kana uchitumira zvikumbiro zveHTTP kubva kuNode.js mapurojekiti ayo tsigira proxy server auto-configuration basa.
Iyo pac-resolver package inoburitsa PAC mafaera anosanganisira otomatiki proxy script script. Iyo PAC faira ine yakajairwa JavaScript kodhi ine FindProxyForURL basa rinotsanangura zvine musoro pakusarudza mumiriri zvichienderana nemugamuchiri uye URL yakumbirwa. Izvo zvakakosha zvekusagadzikana ndezvekuti kuita iyi JavaScript kodhi mu pac-resolver, iyo VM API yakapihwa muNode.js yakashandiswa, iyo inokutendera iwe kuita JavaScript kodhi mune imwe mamiriro einjini yeV8.
Iyo API yakatsanangurwa yakanyorwa zvakajeka muzvinyorwa seisina kuitirwa kumhanyisa kodhi isina kuvimbwa, sezvo isingapi kuparadzaniswa kwakazara kwekodhi iri kuitwa uye inobvumira kupinda kune yekutanga mamiriro. Nyaya yacho yakagadziriswa mu pac-resolver 5.0.0, iyo yakafambiswa kuti ishandise vm2 raibhurari, iyo inopa huwandu hwepamusoro hwekuzviparadzanisa hwakakodzera kumhanyisa isina kuvimbika kodhi.
Paunenge uchishandisa vhezheni isina njodzi yepac-resolver, anorwisa kuburikidza nekufambisa kwefaira rakagadzirwa PAC anogona kuita kodhi yeJavaScript yake mukati meiyo kodhi yeprojekiti uchishandisa Node.js, kana chirongwa ichi chikashandisa maraibhurari ane anotsamira. ine pac-resolver. Anonyanya kufarirwa pamaraibhurari ane dambudziko ndeyeProxy-Agent, akarongwa seanotsamira pamapurojekiti mazana matatu nemakumi matanhatu, anosanganisira urllib, aws-cdk, mailgun.js uye firebase-zvishandiso, zvinosvika mamirioni matatu ekudhawunirodha pasvondo.
Kana application inoenderana ne pac-resolver ikatakura PAC faira rakapihwa nesystem inotsigira WPAD proxy automatic configuration protocol, zvino vanorwisa vane mukana kune network yeko vanogona kushandisa kugovera kwesettings yeproxy kuburikidza neDHCP kuisa mafaera ePAC ane hutsinye.
Source: opennet.ru