Vulnerabilities in VS Code, Grafana, GNU Emacs and Apache Fineract

Several recently identified vulnerabilities:

  • A critical vulnerability (CVE-2022-41034) has been identified in Visual Studio Code (VS Code) that allows code execution when a user opens a link prepared by an attacker. The code can be executed on the machine running VS Code or on any other machine connected to VS Code through the Remote Development feature. The issue poses the greatest risk to users of the web version of VS Code and of web editors based on it, including GitHub Codespaces and github.dev.

    The vulnerability is caused by the ability to process "command:" service links to open a window with a terminal and execute arbitrary shell commands in it when the editor processes specially crafted documents in Jupyter Notebook format that were downloaded from a web server controlled by the attacker (external files with the ".ipynb" extension are opened without additional confirmation in "isTrusted" mode, which allows "command:" to be processed).

  • A vulnerability has been identified in the GNU Emacs text editor (CVE-2022-45939) that allows commands to be executed when a file with code is opened, through the substitution of special characters in a name processed with the ctags toolkit.
  • A vulnerability (CVE-2022-31097) has been identified in the open source data visualization platform Grafana that can allow JavaScript code to be executed when a notification is displayed through the Grafana Alerting system. An attacker with Editor rights can prepare a specially crafted link and gain access to the Grafana interface with administrator rights if the administrator clicks on this link. The vulnerability was fixed in the Grafana 9.2.7, 9.3.0, 9.0.3, 8.5.9, 8.4.10 and 8.3.10 releases.
  • A vulnerability (CVE-2022-46146) in the exporter-toolkit library used to create metrics exporters for Prometheus. The issue allows basic authentication to be bypassed.
  • A vulnerability (CVE-2022-44635) in the Apache Fineract financial services platform that allows an unauthorized user to achieve remote code execution. The issue is caused by the lack of proper escaping of ".." characters in paths processed by the file upload component. The vulnerability was fixed in the Apache Fineract 1.7.1 and 1.8.1 releases.
  • A vulnerability (CVE-2022-46366) in the Apache Tapestry Java framework that allows code to be executed when specially formatted data is deserialized. The issue appears only in the old Apache Tapestry 3.x branch, which is no longer supported.
  • Vulnerabilities in the Apache Airflow providers for Hive (CVE-2022-41131), Pinot (CVE-2022-38649), Pig (CVE-2022-40189) and Spark (CVE-2022-40954), leading to remote code execution through the loading of arbitrary files or command substitution in the context of task execution, without having write access to DAG files.
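
A defensive check for the VS Code item above (CVE-2022-41034), added here as an example and not taken from the original article or from the VS Code project: it lists "command:" links found in a Jupyter notebook so that a file from an untrusted source can be reviewed before it is opened. That such links sit in Markdown cells or in Markdown/HTML outputs is an assumption of this example, and the sample notebook and its command identifiers are constructed placeholders.

```python
import json
import re

# A "command:" URI used as a Markdown link target or as an HTML href value.
LINK = re.compile(r"""(?:\]\(\s*<?|href\s*=\s*["']?)\s*(command:[^\s)"'>]+)""", re.I)

def _text(value):
    # nbformat stores cell sources and rich outputs as a string or a list of strings.
    return "".join(value) if isinstance(value, list) else (value or "")

def find_command_links(notebook_json):
    """Return (cell_index, location, uri) for each command: link in the notebook."""
    nb = json.loads(notebook_json)
    hits = []
    for i, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") == "markdown":
            for m in LINK.finditer(_text(cell.get("source"))):
                hits.append((i, "markdown", m.group(1)))
        # Code cells can carry stored rich outputs that are rendered as well.
        for out in cell.get("outputs", []):
            data = out.get("data", {})
            for mime in ("text/markdown", "text/html"):
                for m in LINK.finditer(_text(data.get(mime))):
                    hits.append((i, "output:" + mime, m.group(1)))
    return hits

# Constructed sample notebook; the command identifiers are placeholders.
SAMPLE = json.dumps({
    "nbformat": 4, "nbformat_minor": 5, "metadata": {},
    "cells": [
        {"cell_type": "markdown", "metadata": {},
         "source": ["# Report\n",
                    "[Open results](command:example.placeholderCommand)\n"]},
        {"cell_type": "markdown", "metadata": {},
         "source": "See [docs](https://example.org/) and run the command: ls"},
        {"cell_type": "code", "metadata": {}, "execution_count": 1,
         "source": "1+1",
         "outputs": [{"output_type": "display_data", "metadata": {},
                      "data": {"text/html":
                               ["<a href=\"command:example.other\">details</a>"]}}]},
    ],
})

if __name__ == "__main__":
    for cell_index, location, uri in find_command_links(SAMPLE):
        print(f"cell {cell_index} [{location}]: {uri}")
```
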

Source: opennet.ru
