Abaphuhlisi beqonga leseva yeJavaScript yeNode.js
- I-CVE-2019-15606 - Ukuphathwa okungalunganga kweempawu zendawo ezikhethiweyo (OWS) ngokulandela ixabiso kwi-header ye-HTTP;
- I-CVE-2019-15605-ukuba kunokwenzeka ukwenza uhlaselo lwe-HRS (i-HTTP Isicelo sokuThweba,
it ivumela ukuwela kwimixholo yezinye izicelo eziqhutywe kumsonto omnye phakathi kwendawo engaphambili kunye ne-backend) ngokugqithiselwa kwesihloko esiyilwe ngokukodwa i-Transfer-Encoding HTTP head; - I-CVE-2019-15604 kukuntlitheka komncedisi we-TLS okubangelwa ukude ngokugqithiswa komtya ongachanekanga kwisatifikethi.
Ukongeza, ekukhutshweni okutsha, kwenziwe umsebenzi wokuphucula ukhuseleko lwe-HTTP parser kunye nezinto ezingqongqo zokwahlulahlula izicelo zeHTTP. Utshintsho lunokubangela imiba yokuhambelana nokuphunyezwa kwe-HTTP ephula inkcazo. Ukukhubaza imo yokuqinisekisa engqongqo, ukusetwa kwe-insecureHTTPParser kunye nokhetho lomgca womyalelo "-insecure-http-parser" zinikezelwe.
umthombo: opennet.ru