7 Vulnerabilities in the Plone Content Management System

For the free content management system Plone, written in Python on top of the Zope application server, patches have been published that fix 7 vulnerabilities (CVE identifiers have not yet been assigned). The problems affect all current versions of Plone, including release 5.2.1, which was published a few days ago. The issues are planned to be fixed in the upcoming Plone 4.3.20, 5.1.7 and 5.2.2 releases; until those are published, it is recommended to apply the hotfix.

Identified vulnerabilities (details have not yet been disclosed):

  • Privilege escalation through manipulation of the REST API (only present when plone.restapi is enabled);
  • SQL injection due to insufficient escaping in SQL queries built in DTML and in DBMS connection objects (the problem is specific to Zope and also appears in other applications based on it);
  • Ability to overwrite content by manipulating the PUT method without having write permissions;
  • Open redirect via the login form;
  • Ability to pass malicious external links that bypass the isURLInPortal check;
  • Password strength checking fails in some cases;
  • Cross-site scripting (XSS) through code inserted into the title field.

Source: opennet.ru