Onjiniyela benkundla ye-JavaScript eseceleni kweseva i-Node.js
- I-CVE-2019-15606 - Ukuphathwa okungalungile kwezinhlamvu zesikhala ozikhethela (OWS) kulandela inani kunhlokweni ye-HTTP;
- CVE-2019-15605 - amathuba okwenza ukuhlasela kwe-HRS (HTTP Request Smuggling,
kuvumela ngena kokuqukethwe kwezinye izicelo ezicutshungulwe kuchungechunge olufanayo phakathi kwendawo engaphambili nengemuva) ngokudluliswa kwesihloko se-HTTP Sokudlulisa-Umbhalo Wekhodi oklanywe ngokukhethekile; - I-CVE-2019-15604 ukuphahlazeka kweseva ye-TLS okuqaliswe ukude ngokudluliswa kweyunithi yezinhlamvu engalungile kusitifiketi.
Ngaphezu kwalokho, ekukhishweni okusha, kwenziwe umsebenzi wokuthuthukisa ukuvikeleka komhlahleli we-HTTP kanye nokuhlaziya okuqinile kwezinto zesicelo se-HTTP. Ushintsho lungabangela izinkinga zokusebenzisana nokusebenzisa i-HTTP okwephula ukucaciswa. Ukuze ukhubaze imodi yokuqinisekisa eqinile, ukulungiselelwa kwe-insecureHTTPParser kanye nenketho yomugqa womyalo ββinsecure-http-parserβ kunikezwa.
Source: opennet.ru