Vulnerabilities in VS Code, Grafana, GNU Emacs and Apache Fineract

Several recently identified vulnerabilities:

  • A critical vulnerability (CVE-2022-41034) has been identified in Visual Studio Code (VS Code) that allows code execution when a user opens a link prepared by an attacker. The code can be executed either on the machine running VS Code or on any other machine connected to VS Code through the Remote Development feature. The issue poses the greatest risk to users of the web version of VS Code and of web editors based on it, including GitHub Codespaces and github.dev.

    The vulnerability is caused by the ability to process "command:" service links to open a window with a terminal and execute arbitrary shell commands in it, when the editor handles specially crafted documents in Jupyter Notebook format downloaded from a web server controlled by the attacker (external files with the ".ipynb" extension are opened in "isTrusted" mode without additional confirmation, which allows "command:" links to be processed).

  • A vulnerability has been identified in the GNU Emacs text editor (CVE-2022-45939) that allows command execution to be arranged when a file with code is opened, through the substitution of special characters in a name processed using the ctags toolkit.
  • A vulnerability (CVE-2022-31097) has been identified in the open-source data visualization platform Grafana that could allow JavaScript code to be executed when a notification is displayed through the Grafana Alerting system. An attacker with Editor rights can prepare a specially crafted link and gain access to the Grafana interface with administrator rights if the administrator clicks on this link. The vulnerability has been fixed in Grafana releases 9.2.7, 9.3.0, 9.0.3, 8.5.9, 8.4.10 and 8.3.10.
  • A vulnerability (CVE-2022-46146) in the exporter-toolkit library used to create metrics exporters for Prometheus. The issue allows basic authentication to be bypassed.
  • A vulnerability (CVE-2022-44635) in the Apache Fineract financial services platform that allows an unauthorized user to achieve remote code execution. The issue is caused by the lack of proper escaping of ".." characters in paths processed by the file upload component. The vulnerability was fixed in Apache Fineract releases 1.7.1 and 1.8.1.
  • A vulnerability (CVE-2022-46366) in the Apache Tapestry Java framework that allows arbitrary code to be executed when specially formatted data is deserialized. The issue appears only in the old Apache Tapestry 3.x branch, which is no longer supported.
  • Vulnerabilities in the Apache Airflow providers for Hive (CVE-2022-41131), Pinot (CVE-2022-38649), Pig (CVE-2022-40189) and Spark (CVE-2022-40954), leading to remote code execution through the loading of arbitrary files or command substitution in the context of task execution, without having write access to DAG files.

Source: opennet.ru