New releases of Node.js 13.8, 12.15 and 10.19 with vulnerabilities fixed

The developers of Node.js, the server-side JavaScript platform, have published corrective releases 13.8.0, 12.15.0 and 10.19.0, which fix three vulnerabilities:

  • CVE-2019-15606 - incorrect handling of optional whitespace (OWS) following the value in an HTTP header;
  • CVE-2019-15605 - the possibility of an HRS attack (HTTP Request Smuggling, which allows wedging into the contents of other requests processed in the same thread between the frontend and the backend) by passing a specially crafted Transfer-Encoding HTTP header;
  • CVE-2019-15604 - a remotely triggered crash of the TLS server caused by passing an incorrect string in a certificate.

In addition, the new releases include work to improve the security of the HTTP parser and to make the parsing of HTTP requests stricter. The changes may cause compatibility problems with HTTP implementations that violate the specification. To disable the strict checking mode, the insecureHTTPParser setting and the "--insecure-http-parser" command-line option are provided.
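The kind of strict header framing check described above can be sketched as follows. This is an added example, not code from Node.js or from the fixes in these releases: the function name, the sample requests and the choice of rules (taken from RFC 7230 sections 3.2.4 and 3.3.3) are assumptions made for illustration.

```javascript
// Added example, not Node.js source. Rules follow RFC 7230 sections 3.2.4 and 3.3.3.
const stripOWS = (s) => s.replace(/^[ \t]+|[ \t]+$/g, ''); // OWS is SP / HTAB only

// Returns the reasons a raw request head should be rejected (empty array = accept).
function checkFraming(rawHead) {
  const findings = [];
  // A bare CR or LF lets two parsers disagree on where a header line ends.
  if (/\r(?!\n)|(?<!\r)\n/.test(rawHead)) findings.push('bare CR or LF');
  const fields = new Map(); // lower-cased field name -> list of values
  const lines = rawHead.split(/\r?\n/).slice(1).filter((l) => l !== '');
  for (const line of lines) {
    if (/^[ \t]/.test(line)) { findings.push('obsolete line folding'); continue; }
    const colon = line.indexOf(':');
    if (colon < 1) { findings.push('malformed header line'); continue; }
    const name = line.slice(0, colon);
    if (/[ \t]$/.test(name)) findings.push('whitespace before colon');
    const key = stripOWS(name).toLowerCase();
    const value = stripOWS(line.slice(colon + 1));
    fields.set(key, (fields.get(key) || []).concat(value));
  }
  const te = fields.get('transfer-encoding');
  const cl = fields.get('content-length');
  if (te && cl) findings.push('both Transfer-Encoding and Content-Length');
  if (cl && (new Set(cl).size > 1 || !cl.every((v) => /^\d+$/.test(v)))) {
    findings.push('invalid or conflicting Content-Length');
  }
  if (te) {
    const codings = te.join(',').split(',').map((c) => stripOWS(c).toLowerCase());
    if (codings[codings.length - 1] !== 'chunked') {
      findings.push('final transfer coding is not chunked');
    }
  }
  return findings;
}

// Constructed sample request heads (example.test is a placeholder host).
const head = (...h) => ['POST /upload HTTP/1.1', 'Host: example.test', ...h, '', ''].join('\r\n');
const SAMPLES = {
  ok: head('Transfer-Encoding: chunked \t'),
  both: head('Content-Length: 4', 'Transfer-Encoding: chunked'),
  spaced: head('Transfer-Encoding : chunked'),
  twoLengths: head('Content-Length: 4', 'Content-Length: 10'),
};
for (const [label, raw] of Object.entries(SAMPLES)) {
  console.log(label, checkFraming(raw));
}
```

A front end that rejects any request with a non-empty result never forwards a message whose length the backend could read differently.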

Source: opennet.ru
