Vulnerability in the pac-resolver NPM package, which has 3 million downloads a week

The pac-resolver NPM package, which has more than 3 million downloads a week, contains a vulnerability (CVE-2021-23406) that lets an attacker execute their own JavaScript code in the context of the application when HTTP requests are sent from Node.js projects that support automatic proxy server configuration.

The pac-resolver package parses PAC files, which contain the script for automatic proxy configuration. A PAC file is ordinary JavaScript code with a FindProxyForURL function that defines the proxy selection logic depending on the host and the requested URL. The core of the vulnerability is that, to run this JavaScript code, pac-resolver used the VM API built into Node.js, which executes JavaScript code in a separate V8 engine context.

That API is explicitly marked in the Node.js documentation as not intended for running untrusted code, since it does not provide complete isolation of the executed code and still allows access to the original context. The issue is fixed in pac-resolver 5.0.0, which was moved to the vm2 library, offering a higher level of isolation that is meant for executing untrusted code.


When a vulnerable version of pac-resolver is in use, an attacker who can supply a specially crafted PAC file can get their JavaScript code executed in the context of a Node.js project, provided that project uses libraries that depend on pac-resolver. The most problematic of these is Proxy-Agent, which is listed as a dependency of 360 projects, including urllib, aws-cdk, mailgun.js and firebase-tools, and which together account for more than three million downloads a week.

If an application that depends on pac-resolver loads a PAC file provided by a system supporting the WPAD automatic proxy configuration protocol, attackers with access to the local network can use the distribution of proxy settings via DHCP to substitute malicious PAC files.

Source: opennet.ru
