SQL injection vulnerability fixed in Ruby on Rails

Corrective releases of Ruby on Rails 7.0.4.1, 6.1.7.1 and 6.0.6.1 have been published, fixing 6 vulnerabilities. The most dangerous one (CVE-2023-22794) can lead to the execution of attacker-specified SQL commands when external data is used in comments processed by ActiveRecord. The problem is caused by the lack of the necessary escaping of special characters in comments before they are stored in the DBMS.
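The root cause described above is that text taken from outside the application ends up inside a SQL block comment without its comment delimiters being neutralised. The following is an added example, not code from Rails or from the advisory, that shows the defensive side of that: a hypothetical `escape_sql_comment` helper rewrites the `*/` and `/*` sequences so an annotation can never close (or, on DBMSs with nested comments such as PostgreSQL, re-open) the comment it is placed in, and `annotated_sql` appends the cleaned annotation to a statement. The helper names and the sample statements are assumptions made for this illustration.

```ruby
# Added example (not Rails' own code): append an untrusted annotation to a SQL
# statement as a block comment, neutralising the comment delimiters first.
# `escape_sql_comment`, `annotated_sql` and `single_comment?` are hypothetical
# helper names chosen for this illustration.

# Rewrite the sequences that close or open a /* ... */ comment so that the
# annotation cannot terminate the comment early and turn the text that follows
# into executable SQL. "/*" is rewritten as well as "*/" because some DBMSs
# (PostgreSQL, for example) nest block comments.
def escape_sql_comment(text)
  text.to_s.gsub('*/', '* /').gsub('/*', '/ *')
end

# Append the escaped annotation to the statement as a trailing block comment.
def annotated_sql(sql, annotation)
  "#{sql} /* #{escape_sql_comment(annotation)} */"
end

# Self-check used by the demonstration: the produced statement must contain
# exactly one comment opener, exactly one closer, and end with the closer.
def single_comment?(sql)
  sql.scan('/*').size == 1 && sql.scan('*/').size == 1 && sql.end_with?('*/')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs for the demonstration.
  base = 'SELECT id FROM users WHERE active = TRUE'
  puts annotated_sql(base, 'dashboard query')
  puts annotated_sql(base, 'note */ trailing text')
  puts single_comment?(annotated_sql(base, 'note */ trailing text'))
end
```

Escaping the delimiters keeps the annotation inside the comment whatever its contents; the alternative of rejecting annotations that contain `*/` is equally valid, but silently dropping the comment tends to hide the problem rather than surface it in logs.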

The second vulnerability (CVE-2023-22797) can be used to redirect users to other sites (open redirect) when unvalidated external data is passed to the redirect_to handler. The other 4 vulnerabilities lead to denial of service by creating excessive load on the system (usually through the processing of external data with inefficient, long-running regular expressions).
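The open redirect described above arises when a "return to" value supplied from outside is handed to redirect_to unchecked. As an added example that is not part of the advisory or of Rails itself, the stand-alone Ruby below shows the usual mitigation: a hypothetical `local_path?` check accepts only relative paths on the current host (rejecting scheme-relative `//` and `/\` forms that browsers treat as pointing at another host, and anything carrying a scheme or host), and `safe_redirect_target` falls back to a fixed local path otherwise. Rails 7 also offers the `allow_other_host:` option on redirect_to; this example shows the underlying idea without needing Rails loaded, and the function names and sample values are assumptions made for this illustration.

```ruby
require 'uri'

# Added example (not Rails' own code): decide whether an externally supplied
# redirect target may be used as-is. `local_path?` and `safe_redirect_target`
# are hypothetical names chosen for this illustration.

# A target counts as local only if it is a relative path on this host:
# it must start with a single "/", must not start with "//" or "/\" (which
# browsers interpret as scheme-relative URLs to another host), and must parse
# without a scheme, host or userinfo component.
def local_path?(target)
  return false unless target.is_a?(String) && !target.empty?
  return false if target.start_with?('//', '/\\')
  return false unless target.start_with?('/')

  uri = URI.parse(target)
  uri.scheme.nil? && uri.host.nil? && uri.userinfo.nil?
rescue URI::InvalidURIError
  # Malformed input (control characters, bad escapes) is never trusted.
  false
end

# Return the supplied target when it is local, otherwise the fixed fallback.
# A controller would pass the result to redirect_to instead of the raw param.
def safe_redirect_target(param, fallback = '/')
  local_path?(param) ? param : fallback
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs for the demonstration.
  ['/account/settings', '/search?q=rails', '//example.org/path',
   'https://example.org/', "/path\nbroken", ''].each do |candidate|
    puts "#{candidate.inspect} -> #{safe_redirect_target(candidate).inspect}"
  end
end
```

Checking the string form rather than just parsing it matters: URI.parse treats `//example.org/path` as a host-relative reference, which is exactly the form an open-redirect check must refuse, so the prefix test runs before the parser is consulted.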

source: budenet.ru
