Vulnerabilities in NPM that allow arbitrary files to be modified during package installation

The 6.13.4 update of the NPM package manager, which ships with Node.js and is used to distribute JavaScript modules, fixes three vulnerabilities (CVE-2019-16775, CVE-2019-16776 and CVE-2019-16777) that allow system files to be modified or overwritten when installing a package prepared by an attacker. As a workaround, packages can be installed with the "--ignore-scripts" option, which disables execution of the handler scripts built into packages. The NPM developers analyzed the packages available in the repository and found no traces of the identified problems being used in attacks.

  • CVE-2019-16777 affects releases before 6.13.4 and allows system executable files to be overwritten during a global installation. Only files in the target directory into which executables are installed (usually /usr/local/bin) can be replaced.
  • CVE-2019-16775 and CVE-2019-16776 affect releases before 6.13.3 and allow an arbitrary file to be written by creating a symbolic link to files outside the modules directory (node_modules) or by using the bin field in package.json (paths containing "/../" were allowed in the bin field).
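
The bin-field problem described above (paths containing "/../"), shown as an added example that is not code from npm or from the original article: a pre-install check that flags `bin` entries in a package.json manifest that would resolve outside the package directory. The function names and the sample manifest are constructed for illustration, and checking the command names as well as the target paths goes slightly beyond what the article states.

```javascript
// Added example: audit a package.json "bin" field before installation.
// Returns the normalized path, or null if `p` is absolute or climbs above
// the directory it is relative to.
function resolveInside(p) {
  if (typeof p !== 'string' || p === '') return null;
  const s = p.replace(/\\/g, '/');               // treat "\" as a separator too
  if (s.startsWith('/') || /^[A-Za-z]:/.test(s)) return null;  // absolute path
  const stack = [];
  for (const seg of s.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (stack.length === 0) return null;       // would leave the package dir
      stack.pop();
    } else {
      stack.push(seg);
    }
  }
  return stack.join('/');
}

// "bin" is either a string (command named after the package, scope removed)
// or an object mapping command name -> script path inside the package.
function auditBin(manifest) {
  const findings = [];
  let bin = manifest.bin;
  if (bin === undefined || bin === null) return findings;
  if (typeof bin === 'string') {
    bin = { [String(manifest.name).replace(/^@[^/]+\//, '')]: bin };
  }
  for (const [cmd, target] of Object.entries(bin)) {
    // The command name becomes a file name in the bin directory.
    if (cmd === '' || cmd === '.' || cmd === '..' || /[\/\\]/.test(cmd)) {
      findings.push({ cmd, target, reason: 'command name is not a plain file name' });
    }
    if (resolveInside(target) === null) {
      findings.push({ cmd, target, reason: 'target is not a relative path inside the package' });
    }
  }
  return findings;
}

// Constructed sample manifest (not taken from any real package).
const sampleManifest = {
  name: 'demo-pkg',
  bin: { demo: 'cli.js', odd: 'lib/../../../outside.js', '../../up': 'cli.js' },
};
console.log(auditBin(sampleManifest));
```

An empty result means every `bin` entry stays inside the package; the check does not cover the symbolic-link variant mentioned in the same list item.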

    Source: opennet.ru
