New Node.js releases 13.8, 12.15 and 10.19 with vulnerabilities fixed

The developers of Node.js, the server-side JavaScript platform, have published corrective releases 13.8.0, 12.15.0 and 10.19.0, which fix three vulnerabilities:

  • CVE-2019-15606 - incorrect handling of optional whitespace (OWS) characters following the value in an HTTP header;
  • CVE-2019-15605 - the possibility of an HRS attack (HTTP Request Smuggling, which allows wedging into the contents of other requests processed in the same stream between the frontend and the backend) by sending a specially crafted Transfer-Encoding HTTP header;
  • CVE-2019-15604 - a remotely triggered crash of the TLS server caused by passing an incorrect string in a certificate.

In addition, the new releases harden the HTTP parser and make the parsing of HTTP request elements stricter. The change may cause compatibility problems with HTTP implementations that violate the specifications. To disable the strict checking mode, the "insecureHTTPParser" setting and the "--insecure-http-parser" command-line option are provided.
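
A runtime audit for the points above, as an added example that is not code from the Node.js project: it reports whether a process runs a release older than the fixed versions listed here and whether strict HTTP parsing was switched off with `--insecure-http-parser`. The function names are hypothetical, and treating release lines newer than 13 as fixed and unlisted older lines as unfixed is an assumption.

```javascript
// Fixed release per line, as listed in the article: [major, minor, patch].
const FIXED = { 10: [10, 19, 0], 12: [12, 15, 0], 13: [13, 8, 0] };

// Parse "v12.14.1" or "12.14.1" into [major, minor, patch]; null if malformed.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when the version is at or above the fixed release of its line.
// Assumption: lines newer than 13 include the fixes; other unlisted lines do not.
function hasFixes(version) {
  const v = parseVersion(version);
  if (!v) return false;
  const fixed = FIXED[v[0]];
  if (!fixed) return v[0] > 13;
  for (let i = 1; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] > fixed[i];
  }
  return true;
}

// The flag can arrive on the command line or through NODE_OPTIONS.
function lenientParserRequested(execArgv, nodeOptions) {
  const args = [...execArgv, ...String(nodeOptions || '').split(/\s+/)];
  return args.includes('--insecure-http-parser');
}

// Collect human-readable findings for one runtime.
function auditRuntime(version, execArgv, nodeOptions) {
  const findings = [];
  if (!hasFixes(version)) {
    findings.push(`Node.js ${version} predates the fixed releases`);
  }
  if (lenientParserRequested(execArgv, nodeOptions)) {
    findings.push('strict HTTP parsing disabled by --insecure-http-parser');
  }
  return findings;
}

// Audit the current process.
console.log(auditRuntime(process.version, process.execArgv, process.env.NODE_OPTIONS));
```

The per-server "insecureHTTPParser" setting is passed in application code, so it is not visible to this check and has to be found by reviewing the source.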

Source: opennet.ru
