SQL injection vulnerability fixed in Ruby on Rails

Corrective updates for the Ruby on Rails framework, versions 7.0.4.1, 6.1.7.1 and 6.0.6.1, have been published, fixing 6 vulnerabilities. The most dangerous one (CVE-2023-22794) could lead to the execution of arbitrary SQL commands chosen by the attacker when external data is used in comments processed by ActiveRecord. The problem is caused by insufficient escaping of special characters in the comments before they are passed to the DBMS.
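The mechanism behind this class of bug, as an added example that is not code from the article or from the Rails project: it assumes the annotation is embedded in a SQL block comment (`/* ... */`), and the escaping it applies is this example's own choice, not necessarily the replacement used by any Rails version.

```ruby
# Added example (not from the original article or the Rails project).
# A query annotation is wrapped in a SQL block comment. If the annotation
# itself contains the comment terminator "*/", everything after it lands
# outside the comment and becomes part of the statement sent to the DBMS.

# Naive: paste the annotation straight into a block comment.
def annotate_unsafe(sql, annotation)
  "#{sql} /* #{annotation} */"
end

# Hardened: neutralise the comment terminator so the annotation can never
# close the comment early. The "* /" replacement is an assumption made for
# this example; the point is that the special sequence is escaped before
# the text reaches the database.
def sanitize_annotation(annotation)
  annotation.to_s.gsub(%r{\*/}, "* /")
end

def annotate_safe(sql, annotation)
  "#{sql} /* #{sanitize_annotation(annotation)} */"
end

# Return the text that sits outside block comments, i.e. what the DBMS
# would actually parse as SQL. Used here as a check, not as a real parser.
def sql_outside_comments(sql)
  sql.gsub(%r{/\*.*?\*/}m, "").squeeze(" ").strip
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: an annotation carrying a comment terminator.
  note = "ticket 42 */ extra"
  puts "unsafe: #{sql_outside_comments(annotate_unsafe('SELECT 1', note))}"
  puts "safe:   #{sql_outside_comments(annotate_safe('SELECT 1', note))}"
end
```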

The second vulnerability (CVE-2023-22797) can be used to redirect the user to another page (open redirect) when unvalidated data is passed to the redirect_to handler. The remaining 4 vulnerabilities lead to denial of service through high system load (mainly caused by processing external data in inefficient and time-consuming operations).

Source: opennet.ru