Malicious code found in rest-client and 10 other Ruby packages

A substitution of malicious code (CVE-2019-15224) has been identified in the rest-client gem package, which has a total of 113 million downloads. The code downloads executable commands and sends information to an external host. The attack was carried out by compromising the account of the rest-client developer in the rubygems.org repository, after which the attackers published releases 1.6.10 and 1.6.13, containing the malicious changes, on August 13-14. Before the malicious versions were blocked, about a thousand users managed to download them (the attackers released updates to old versions so as not to attract attention).

The malicious change overrides the "#authenticate" method in the Identity class, after which every call to the method results in the email and password passed during the authentication attempt being sent to the attackers' host. In this way, login parameters are intercepted for users of services that use the Identity class and have installed a vulnerable version of the rest-client library, which appears as a dependency in many popular Ruby packages, including ast (64 million downloads), oauth (32 million), fastlane (18 million) and kubeclient (3.7 million).

In addition, a backdoor was added to the code that allows arbitrary Ruby code to be executed through the eval function. The code is passed in a cookie signed with the attacker's key. To inform the attackers that the malicious package has been installed, the URL of the victim's system and a selection of information about the environment, such as saved passwords for DBMSs and cloud services, are sent to an external host. Attempts to download cryptocurrency-mining scripts using the malicious code described above have been recorded.

After the malicious code was studied, similar changes were found in 10 more packages on Ruby Gems. These packages were not hijacked; the attackers prepared them specially, basing them on other popular libraries with similar names in which a dash was replaced by an underscore or vice versa (for example, the malicious package cron_parser was created on the basis of cron-parser, and the malicious package doge-coin on the basis of doge_coin). Problem packages:

The first malicious package from this list was published on May 12, but most of them appeared in July. In total, these packages were downloaded about 2500 times.
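
A lockfile check for the two cases described above, written as an added example (not code from the original article or from RubyGems): it flags the rest-client releases named in the text and any locked gem whose name differs from an expected dependency only by a dash or underscore. The lockfile contents, the expected-dependency list and the helper names are constructed for illustration.

```ruby
# Added example: audit Gemfile.lock text for the two problems described above.
# Gem names and rest-client versions come from the article; the rest is constructed.

BAD_REST_CLIENT = %w[1.6.10 1.6.13].freeze # releases named in the article
# Assumption: the names this project actually intends to depend on.
EXPECTED_GEMS = %w[rest-client cron-parser doge_coin oauth].freeze

SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      cron_parser (0.1.4)
      oauth (0.5.4)
      rest-client (1.6.13)
        mime-types (>= 1.16)
      doge_coin (1.0.2)

  PLATFORMS
    ruby
LOCK

# Return [[name, version], ...] for resolved gems (spec lines indented 4 spaces).
def locked_gems(lock_text)
  lock_text.each_line.filter_map do |line|
    m = line.match(/\A {4}([A-Za-z0-9._-]+) \(([^)]+)\)\s*\z/)
    [m[1], m[2]] if m
  end
end

# Collapse '-' and '_' so look-alike names compare equal.
def canonical(name)
  name.downcase.tr('_', '-')
end

# Return one finding string per suspicious locked gem.
def audit(lock_text, expected: EXPECTED_GEMS)
  by_canonical = expected.to_h { |n| [canonical(n), n] }
  locked_gems(lock_text).filter_map do |name, version|
    twin = by_canonical[canonical(name)]
    if name == 'rest-client' && BAD_REST_CLIENT.include?(version)
      "#{name} #{version}: release listed as malicious"
    elsif twin && twin != name
      "#{name} #{version}: look-alike of expected gem #{twin}"
    end
  end
end

puts audit(SAMPLE_LOCK) if __FILE__ == $PROGRAM_NAME
```
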

Source: opennet.ru
