Ruby 2.6.5, 2.5.7 and 2.4.8 updates released with vulnerability fixes.

Corrective releases of the Ruby programming language, 2.6.5, 2.5.7 and 2.4.8, have been published, fixing four vulnerabilities. The most dangerous vulnerability (CVE-2019-16255) is in the standard Shell library (lib/shell.rb) and allows code injection. If data received from the user is handled in the first argument of the Shell#[] or Shell#test methods, which are used to check for the presence of a file, an attacker can cause an arbitrary Ruby method to be called.

Other issues:

  • CVE-2019-16254 - the built-in HTTP server WEBrick is exposed to an HTTP response splitting attack (if a program inserts unverified data into an HTTP response header, the header can be split by inserting a newline character);
  • CVE-2019-15845 - substitution of a null character (\0) into file paths checked with the "File.fnmatch" and "File.fnmatch?" methods can be used to falsely trigger the check;
  • CVE-2019-16201 - denial of service in the Digest authentication module for WEBrick.
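
As an added example (not code from the Ruby project or from the original article), these are input checks an application can apply to the three kinds of untrusted data described above. The helper names and the contents of the allowlist are assumptions made for illustration.

```ruby
# Added example: application-side checks for the untrusted inputs described
# above. All helper names here are hypothetical.

# File-test operators the application is willing to pass as the first
# argument of Shell#[] / Shell#test (constructed allowlist, extend as needed).
ALLOWED_FILE_TESTS = %w[
  e f d r w x s
  exist? file? directory? readable? writable? executable?
].freeze

# Return the operator as a String only if it is on the allowlist, so a
# user-supplied value can never select an arbitrary method name.
def safe_file_test_op(op)
  op = op.to_s
  unless ALLOWED_FILE_TESTS.include?(op)
    raise ArgumentError, "unsupported file test: #{op.inspect}"
  end
  op
end

# Reject CR and LF in a value that will be placed in an HTTP response
# header, so the value cannot end the header line and start a new one.
def safe_header_value(value)
  value = value.to_s
  raise ArgumentError, "CR/LF in header value" if value.match?(/[\r\n]/)
  value
end

# Reject NUL bytes in the pattern and the path before matching, so the
# comparison always runs over the whole string.
def safe_fnmatch?(pattern, path)
  pattern = pattern.to_s
  path = path.to_s
  if pattern.include?("\0") || path.include?("\0")
    raise ArgumentError, "NUL byte in pattern or path"
  end
  File.fnmatch?(pattern, path)
end
```

These checks complement the upgrade to a fixed release and do not replace it.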

Source: opennet.ru
