Ukuze uthole uhlelo lokuphatha okuqukethwe mahhala , ebhalwe ngePython kusetshenziswa iseva yesicelo se-Zope, ama-patches ngokuqedwa (Izihlonzi ze-CVE azikakanikezwa). Izinkinga zithinta konke ukukhishwa kwamanje kwe-Plone, okuhlanganisa nokukhishwa okukhishwe ezinsukwini ezimbalwa ezedlule . Izinkinga zihlelelwe ukuthi zilungiswe ekukhishweni okuzayo kwe-Plone 4.3.20, 5.1.7 kanye no-5.2.2, ngaphambi kokushicilelwa okuphakanyiswe ukuthi kusetshenziswe. .
Ubungozi obuhlonziwe (imininingwane ayikadalulwa):
- Ukuphakama kwamalungelo ngokukhwabanisa kwe-Rest API (ivela kuphela uma i-plone.restapi inikwe amandla);
- Ukufakwa esikhundleni kwekhodi ye-SQL ngenxa yokungaphunyuki ngokwanele kokwakhiwa kwe-SQL ku-DTML nezinto zokuxhuma ku-DBMS (inkinga iqondene ngqo futhi ivela kwezinye izinhlelo zokusebenza ezisuselwe kuyo);
- Amandla okubhala kabusha okuqukethwe ngokukhohlisa ngendlela ye-PUT ngaphandle kokuba namalungelo okubhala;
- Vula ukuqondisa kabusha kufomu lokungena;
- Amathuba okudlulisa izixhumanisi zangaphandle ezinonya ngokudlula isheke le-isURLInPortal;
- Ukuhlolwa kwamandla ephasiwedi kuyehluleka kwezinye izimo;
- I-Cross-site scripting (XSS) ngokushintshanisa ikhodi endaweni yesihloko.
Source: opennet.ru