Onjiniyela benkundla ye-JavaScript eseceleni kweseva i-Node.js ukulungisa ukukhishwa okungu-13.8.0, 12.15.0 kanye no-10.19.0, okulungisa ubungozi obuthathu:
- I-CVE-2019-15606 - Ukuphathwa okungalungile kwezinhlamvu zesikhala ozikhethela (OWS) kulandela inani kunhlokweni ye-HTTP;
- CVE-2019-15605 - amathuba okwenza ukuhlasela kwe-HRS (HTTP Request Smuggling, ngena kokuqukethwe kwezinye izicelo ezicutshungulwe kuchungechunge olufanayo phakathi kwendawo engaphambili nengemuva) ngokudluliswa kwesihloko se-HTTP Sokudlulisa-Umbhalo Wekhodi oklanywe ngokukhethekile;
- I-CVE-2019-15604 ukuphahlazeka kweseva ye-TLS okuqaliswe ukude ngokudluliswa kweyunithi yezinhlamvu engalungile kusitifiketi.
Ngaphezu kwalokho, ekukhishweni okusha, kwenziwe umsebenzi wokuthuthukisa ukuvikeleka komhlahleli we-HTTP kanye nokuhlaziya okuqinile kwezinto zesicelo se-HTTP. Ushintsho lungabangela izinkinga zokusebenzisana nokusebenzisa i-HTTP okwephula ukucaciswa. Ukuze ukhubaze imodi yokuqinisekisa eqinile, ukulungiselelwa kwe-insecureHTTPParser kanye nenketho yomugqa womyalo ββinsecure-http-parserβ kunikezwa.
Source: opennet.ru