Ruby 3.0.1 update with vulnerability fixes

Corrective releases of the Ruby programming language, versions 3.0.1, 2.7.3, 2.6.7 and 2.5.9, have been published, fixing two vulnerabilities:

  • CVE-2021-28965 is a vulnerability in the REXML module: when a specially crafted XML document is parsed and then serialized, the result can be an invalid XML document whose structure does not match the original. The severity depends on the context in which REXML is used, but attacks on some applications that rely on REXML cannot be ruled out.
  • CVE-2021-28966 is a Windows-specific vulnerability that allows an arbitrary directory or file to be created in any part of the filesystem writable by the user the Ruby process runs as. The problem stems from incorrect handling of the prefix argument of the Dir.mktmpdir method, which did not account for path traversal sequences such as "..\\" in the prefix. For an attack to work, the process must build the prefix value from externally supplied data.
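The REXML issue above is a round-trip property: a document should parse to the same tree before and after REXML serializes it. The check below is an added example written for this page, not code from the Ruby project or the REXML gem; it does not reproduce the crafted input from the advisory, it only gives an application a way to detect when a parse-serialize-parse cycle has changed the element structure. The `structure` and `round_trip_stable?` helpers are this example's own names.

```ruby
require "rexml/document"

# Reduce a parsed document to a plain Ruby structure: element name, sorted
# attribute pairs and the significant children, in document order.
# Comments and whitespace-only text are ignored, so two documents compare
# equal exactly when REXML sees the same elements, attributes and text.
def structure(node)
  case node
  when REXML::Document
    node.root ? structure(node.root) : nil
  when REXML::Element
    attrs = []
    node.attributes.each_attribute { |a| attrs << [a.expanded_name, a.value] }
    [node.expanded_name, attrs.sort, node.children.map { |c| structure(c) }.compact]
  when REXML::Text # REXML::CData is a subclass of Text and lands here too
    text = node.value.strip
    text.empty? ? nil : text
  end
end

# Parse, serialize with REXML, parse the output again and compare the two
# trees. Returns true when the round trip preserved the structure, false when
# it changed it or when the input or the serialized form does not parse.
def round_trip_stable?(xml)
  original = REXML::Document.new(xml)
  reparsed = REXML::Document.new(original.to_s)
  structure(original) == structure(reparsed)
rescue REXML::ParseException
  false
end

# Constructed sample inputs: a benign document and one with escaped markup
# inside an attribute value and a text node.
SAMPLES = [
  '<a x="1"><b>hi</b><!-- comment --></a>',
  '<a x="&lt;b/&gt;">a &amp; b</a>',
]

SAMPLES.each { |xml| puts "#{round_trip_stable?(xml)}  #{xml}" } if $PROGRAM_NAME == __FILE__
```

A service that accepts XML from the outside and re-emits it (for example after normalising or signing it) can run `round_trip_stable?` on the incoming document and reject anything that does not survive the cycle, independently of whether the installed REXML is patched.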
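To see why an externally supplied `Dir.mktmpdir` prefix matters, and what a caller can do about it, the following is an added example for this page, not code from the Ruby project or its tmpdir library. It resolves where a traversal prefix would land without creating anything there, then sanitises the prefix with an allow-list of filename characters (the exact character set is this example's own assumption, chosen to mirror the allow-list approach) and confirms that the directory `Dir.mktmpdir` creates stays under `Dir.tmpdir`. The hostile value is built with `File::SEPARATOR` so it runs on POSIX as well; on Windows the advisory's `..\\` spelling has the same effect. `safe_prefix`, `resolve_target` and `demo` are names invented here.

```ruby
require "tmpdir"

# Characters a prefix or suffix may consist of. Everything else, notably "/"
# and "\\", is deleted so the name can only ever be a single path component.
# The set is an assumption of this example, chosen to mirror the allow-list
# approach of the fixed tmpdir library rather than copied from it.
PREFIX_ALLOWED = /[^,\-.0-9A-Z_a-z~]/

def safe_prefix(prefix)
  prefix.to_s.gsub(PREFIX_ALLOWED, "")
end

# Where would a directory named "<prefix><timestamp-like tail>" end up if it
# were created under base? Computes the absolute path only; nothing is
# created on disk. Returns [path, inside_base?].
def resolve_target(prefix, base = Dir.tmpdir)
  base_abs = File.expand_path(base)
  target = File.expand_path(prefix + "20210405-1234-abcd", base_abs)
  [target, target.start_with?(base_abs + File::SEPARATOR)]
end

# Full round trip: show where the raw prefix would escape to, sanitise it,
# create the directory with Dir.mktmpdir, verify it landed under Dir.tmpdir,
# and remove it again. The hostile prefix is a constructed attacker value.
def demo(hostile = "..#{File::SEPARATOR}..#{File::SEPARATOR}evil-")
  unsafe_path, unsafe_inside = resolve_target(hostile)
  created = Dir.mktmpdir(safe_prefix(hostile))
  tmp_abs = File.expand_path(Dir.tmpdir)
  created_inside = File.expand_path(created).start_with?(tmp_abs + File::SEPARATOR)
  Dir.rmdir(created)
  {
    unsafe_path: unsafe_path,       # e.g. /evil-20210405-1234-abcd on a /tmp base
    unsafe_inside: unsafe_inside,   # false: the raw prefix escapes Dir.tmpdir
    sanitised: safe_prefix(hostile),
    created: created,
    created_inside: created_inside, # true: the sanitised prefix stays put
  }
end

if $PROGRAM_NAME == __FILE__
  demo.each { |k, v| puts "#{k}: #{v}" }
end
```

Even on a patched interpreter this kind of sanitisation is worth keeping at the call site: it makes the rule explicit, documents that the prefix is untrusted, and does not depend on which version of the tmpdir library happens to be loaded.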

Source: opennet.ru
