The developers of the server-side JavaScript platform Node.js have published corrective releases 12.22.4, 14.17.4 and 16.6.0, which fix a vulnerability (CVE-2021-22930) in the http2 module (HTTP/2.0 client). The vulnerability makes it possible to crash the process or potentially to execute attacker-supplied code on the system when connecting to a host controlled by an attacker.
The problem is caused by access to already-freed memory when a connection is closed after receiving RST_STREAM (stream reset) frames for streams that perform intensive read operations that block writes. If an RST_STREAM frame is received without an error code specified, the http2 module additionally calls a cleanup procedure for the data already received, and from that procedure the close handler is called again for the already-closed stream, which leads to a double free of data structures.
The discussion of the patch notes that the problem is not fully resolved and that, under slightly modified conditions, it still occurs in the published updates. Analysis showed that the fix covers only one of the special cases, when the stream is in reading mode, and does not take other stream states into account (reading and paused, paused and some kinds of writing).
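The double close described above, and the gap between a check tied to one stream state and a state-independent one, can be modelled in a few lines of C. This is an added illustration, not Node.js source code or the actual patch: every name in it (`stream`, `close_reading_only`, `close_idempotent` and so on) is hypothetical, and error code 0 is assumed to stand for "no error code".

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the bug class. Every name is hypothetical; not Node.js source. */
enum state { READING, READING_PAUSED, PAUSED_WRITING, N_STATES };
struct stream {
    enum state st; bool closed;
    char *buf;   /* received data owned by the stream */
    int frees;   /* release attempts; a value above 1 means a double free */
};
typedef void (*close_fn)(struct stream *);

/* Count every release, but call free() only once so the demo itself stays safe. */
static void release(struct stream *s) {
    if (s->frees++ == 0) free(s->buf);
    s->buf = NULL;
}
/* No re-entrancy protection at all. */
static void close_unguarded(struct stream *s) { release(s); }
/* State-specific check: protects only a stream that is in READING. */
static void close_reading_only(struct stream *s) {
    if (s->st == READING && s->closed) return;
    s->closed = true;
    release(s);
}
/* State-independent check: a second close is a no-op in every state. */
static void close_idempotent(struct stream *s) {
    if (s->closed) return;
    s->closed = true;
    release(s);
}

/* Assumption: error_code 0 models "no error code"; cleanup then re-enters the close handler. */
static int frees_after_reset(close_fn on_close, enum state st, unsigned error_code) {
    struct stream s = { st, false, malloc(16), 0 };
    on_close(&s);
    if (error_code == 0) on_close(&s);
    return s.frees;
}

int main(void) {
    for (int st = READING; st < N_STATES; st++)
        printf("state %d: unguarded=%d reading_only=%d idempotent=%d\n", st,
               frees_after_reset(close_unguarded, st, 0),
               frees_after_reset(close_reading_only, st, 0),
               frees_after_reset(close_idempotent, st, 0));
    return 0;
}
```

In this model a release count of 2 marks the double free; only the state-independent guard keeps the count at 1 for all three states.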
Source: opennet.ru