Corrective releases Ruby 3.1.2, 3.0.4, 2.7.6 and 2.6.10 fix two vulnerabilities

Corrective releases of the Ruby programming language, versions 3.1.2, 3.0.4, 2.7.6 and 2.6.10, have been published. They eliminate two vulnerabilities:

  • CVE-2022-28738 is a double free in the regular-expression compilation code, triggered when a specially crafted string is passed while creating a Regexp object. The vulnerability can be exploited by feeding untrusted external data into a Regexp object (for example, an attacker-controlled pattern handed to Regexp.new).
  • CVE-2022-28739 is a buffer over-read in the string-to-float conversion code (the Ruby advisory calls it a buffer overrun). It can be exploited to read memory contents when untrusted external data is processed by methods such as Kernel#Float and String#to_f.
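Both issues have the same shape: an untrusted string reaches a native parser (the Regexp compiler, the float converter). The Ruby example below is added here and is not code from the article or from the Ruby project. It does two things: reports whether the running interpreter is at or above the fixed release for its branch, and wraps the two entry points so that untrusted input is either literal-escaped before compilation or validated against a conservative decimal grammar before conversion. The function names, the PATCHED table and the sample inputs are this example's own assumptions. The wrappers narrow what reaches the affected code; they do not replace upgrading, since the exact trigger inputs are not described on this page.

```ruby
# Added example (not from the article or the Ruby project).
# Assumed names: PATCHED, patched_ruby?, literal_search_regexp, strict_float.

# Minimum patched release on each branch named in the announcement.
PATCHED = {
  "3.1" => Gem::Version.new("3.1.2"),
  "3.0" => Gem::Version.new("3.0.4"),
  "2.7" => Gem::Version.new("2.7.6"),
  "2.6" => Gem::Version.new("2.6.10"),
}.freeze

# True if `version` (default: the running interpreter) is at or above the
# fixed release for its branch. Branches newer than 3.1 shipped after the
# fix and are treated as patched; branches older than 2.6 are end-of-life
# and are treated as unpatched.
def patched_ruby?(version = RUBY_VERSION)
  v = Gem::Version.new(version)
  branch = v.segments[0, 2].join(".")
  return true if Gem::Version.new(branch) > Gem::Version.new("3.1")

  min = PATCHED[branch]
  return false if min.nil?

  v >= min
end

# CVE-2022-28738 mitigation pattern: never let untrusted text be parsed as
# regex syntax. Regexp.escape turns the input into a literal, so the only
# metacharacters reaching the compiler are the fixed ones written here.
def literal_search_regexp(untrusted)
  text = untrusted.to_s
  raise ArgumentError, "search term too long" if text.bytesize > 256

  Regexp.new("\\b#{Regexp.escape(text)}\\b", Regexp::IGNORECASE)
end

# CVE-2022-28739 mitigation pattern: only strings matching a plain decimal
# grammar are handed to Kernel#Float. Underscores, hex floats, "inf",
# "nan" and anything else are rejected before conversion is attempted.
FLOAT_RE = /\A[-+]?\d{1,15}(?:\.\d{1,15})?(?:[eE][-+]?\d{1,3})?\z/

def strict_float(untrusted)
  s = untrusted.to_s
  return nil unless s.bytesize <= 64 && s.match?(FLOAT_RE)

  Float(s)
end

if $PROGRAM_NAME == __FILE__
  puts "Ruby #{RUBY_VERSION} patched for CVE-2022-28738/28739: #{patched_ruby?}"
  # Constructed sample inputs.
  puts literal_search_regexp("a(b").match?("x A(B y")   # literal match, not a group
  puts strict_float("3.14").inspect                      # 3.14
  puts strict_float("1_000").inspect                     # nil, rejected before Float()
end
```

Run it under the interpreter you deploy with; the version check is the fast answer, the wrappers are what to apply at the points where user-supplied text meets Regexp.new, Kernel#Float or String#to_f.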

source: budenet.ru
