Ruby 3.0.1 update with vulnerability fixes

Corrective releases of the Ruby programming language, versions 3.0.1, 2.7.3, 2.6.7 and 2.5.9, have been published, fixing two vulnerabilities:

  • CVE-2021-28965 is a vulnerability in the built-in REXML library which, when parsing and serializing specially crafted XML documents, can produce an incorrect XML document whose structure does not match the original. The severity of the flaw depends heavily on the context, but attacks on some applications that use REXML cannot be ruled out.
  • CVE-2021-28966 is a Windows-specific vulnerability that allows arbitrary directories or files to be created in parts of the filesystem writable by the user under which the Ruby process runs. The problem is caused by incorrect handling of the prefix in the Dir.mktmpdir method, which did not filter out path traversal constructs such as "..\\". For an attack to succeed, the program must use externally supplied data when forming the prefix value.
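As an added example (not code from the Ruby project or from this page), the following wrapper shows the kind of input validation an application should apply when the Dir.mktmpdir prefix is derived from external data: the prefix is restricted to a conservative character set, and the created directory is confirmed to lie under the temp root. The function names `safe_prefix?` and `guarded_mktmpdir` are hypothetical.

```ruby
require 'tmpdir'
require 'pathname'

# Constructed example, not the Ruby standard library's own check.
# Only letters, digits, dot, underscore and hyphen are allowed, so a
# prefix can never carry "/" or "\\" into the temp directory name.
SAFE_PREFIX = /\A[A-Za-z0-9._-]+\z/

# Returns true only for a prefix that is safe to pass to Dir.mktmpdir.
def safe_prefix?(prefix)
  return false unless prefix.is_a?(String) && prefix.match?(SAFE_PREFIX)
  # Also refuse ".." anywhere, so a prefix such as ".." alone is rejected.
  !prefix.include?('..')
end

# Creates a temporary directory with an externally supplied prefix and
# verifies (defence in depth) that it really lives under Dir.tmpdir.
# Returns the created path; the caller is responsible for removing it.
def guarded_mktmpdir(prefix)
  raise ArgumentError, "unsafe tmpdir prefix: #{prefix.inspect}" unless safe_prefix?(prefix)

  root = Pathname.new(Dir.tmpdir).realpath
  path = Dir.mktmpdir(prefix)
  created = Pathname.new(path).realpath

  # If the directory somehow ended up outside the temp root, remove it and fail loudly.
  unless created.ascend.any? { |ancestor| ancestor == root }
    Dir.rmdir(path) rescue nil
    raise SecurityError, "temporary directory escaped tmp root: #{path}"
  end
  path
end
```

The validation runs before Dir.mktmpdir is called, so it protects applications even on Ruby versions that predate the fix.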

source: budenet.ru
