Ruby 2.6.5, 2.5.7 and 2.4.8 updates with vulnerability fixes

Corrective releases of the Ruby programming language, 2.6.5, 2.5.7 and 2.4.8, have been published, fixing four vulnerabilities. The most dangerous one (CVE-2019-16255) is in the standard library Shell (lib/shell.rb) and allows code injection: if data received from a user is passed as the first argument of the Shell#[] or Shell#test methods, which are used to check for the existence of a file, an attacker can cause an arbitrary Ruby method to be called.
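The following is an added example and not code from lib/shell.rb or from the advisory. It reproduces the bug class behind CVE-2019-16255 in a constructed analogue: a caller-supplied "command" name chooses which method is invoked on a file-test object, so untrusted input selects the Ruby method that runs. The function names and the allowlist are this example's own; `unsafe_file_test` stands in for the vulnerable shape and `safe_file_test` for the hardened one.

```ruby
# Added example (constructed analogue of CVE-2019-16255), not Ruby's own code.
# In the vulnerable shape, the caller's string is dispatched by name. `send`
# also reaches private methods, so Kernel methods such as `system` or backtick
# are callable on FileTest from untrusted input, no file involved.
def unsafe_file_test(command, *files)
  FileTest.send(command, *files)
end

# Hardened shape: only known file predicates are accepted, the name must be a
# public method of FileTest, and public_send cannot reach private Kernel
# methods. Anything else, including "system", is refused before any call.
FILE_TEST_PREDICATES = %w[
  exist? file? directory? readable? writable? executable? size? zero?
].freeze

def safe_file_test(command, *files)
  name = command.to_s
  unless FILE_TEST_PREDICATES.include?(name) && FileTest.respond_to?(name)
    raise ArgumentError, "unsupported file test: #{name.inspect}"
  end
  FileTest.public_send(name, *files)
end

if __FILE__ == $0
  puts safe_file_test("directory?", Dir.pwd)           # true
  # The unsafe dispatcher leaves file testing entirely: instance_of? is a
  # plain Object method, and "system" would work the same way.
  puts unsafe_file_test("instance_of?", Module)        # true
  begin
    safe_file_test("system", "id")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The allowlist plus `public_send` is the general fix for untrusted dynamic dispatch: validate the method name against a fixed set, never derive it from input and pass it to `send`.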

Other issues:

  • CVE-2019-16254 - the built-in WEBrick HTTP server is exposed to an HTTP response splitting attack (if a program inserts unvalidated data into an HTTP response header, the header can be split by injecting a newline character);
  • CVE-2019-15845 - NUL character (\0) injection into the pattern matched by the File.fnmatch and File.fnmatch? methods; a crafted pattern can be used to produce a false match against a file path;
  • CVE-2019-16201 - denial of service in WEBrick's Digest authentication handling.
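The following is an added example, not code from the advisory or from Ruby/WEBrick sources. It shows input guards for two of the issues listed above: CVE-2019-15845 (a NUL byte in a File.fnmatch pattern) and CVE-2019-16254 (CR/LF in a response header). Function names, the report-file scenario and the sample inputs are constructed for this illustration.

```ruby
# Added example, not Ruby's or WEBrick's code. Names and inputs are constructed.

# CVE-2019-15845: a NUL byte in the pattern made the matcher treat the pattern
# as ending just before the NUL, so a suffix appended by the application after
# user input was silently dropped. Refusing NUL before the call gives the same
# answer on patched and unpatched interpreters.
def safe_fnmatch?(pattern, path, flags = 0)
  raise ArgumentError, "pattern contains NUL byte" if pattern.include?("\0")
  raise ArgumentError, "path contains NUL byte" if path.include?("\0")
  File.fnmatch?(pattern, path, flags)
end

# Constructed scenario: a user-chosen prefix is restricted to .txt files by
# appending the suffix to the pattern. On an unpatched interpreter the input
# "secret\0" yields the pattern "secret\0.txt", which matches the path "secret".
def matches_txt_report?(user_prefix, path)
  safe_fnmatch?("#{user_prefix}.txt", path)
end

# CVE-2019-16254: a header value containing CR or LF becomes more than one
# line on the wire. The attacker closes the intended header and injects
# another (for example Set-Cookie), or ends the header block to forge a body.
def header_line(name, value)
  "#{name}: #{value}\r\n"
end

def safe_header_value(value)
  v = value.to_s
  raise ArgumentError, "header value contains CR or LF" if v.match?(/[\r\n]/)
  v
end

def safe_header_line(name, value)
  header_line(name, safe_header_value(value))
end

if __FILE__ == $0
  puts matches_txt_report?("report-*", "report-2019.txt")   # true
  begin
    matches_txt_report?("secret\0", "secret")
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end

  evil = "/home\r\nSet-Cookie: sid=attacker"
  puts header_line("Location", evil).count("\n")            # 2: header split
  begin
    safe_header_line("Location", evil)
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

Both guards follow the same rule: a byte that the lower layer treats as a terminator (NUL for the C matcher, CR/LF for the HTTP framing) must be rejected before the value reaches that layer, rather than relying on the layer to notice.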

source: budenet.ru
