SQL injection vulnerability in Ruby on Rails

Corrective releases of the Ruby on Rails framework, 7.0.4.1, 6.1.7.1 and 6.0.6.1, have been published, fixing 6 vulnerabilities. The most dangerous one (CVE-2023-22794) can lead to the execution of attacker-supplied SQL statements when external data is placed in the comments that ActiveRecord attaches to queries (the annotate feature). The problem is caused by the lack of proper escaping of special characters in the comment text before it is passed to the DBMS: the comment is wrapped in `/* ... */`, so a value containing the `*/` terminator leaves the comment and the rest of the value is parsed as SQL.
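The following Ruby snippet is an added example, not code from Rails or from the original news item. It models the comment-wrapping pattern by hand: `annotate_unsafe` is the assumed pre-fix shape (no escaping at all), `annotate_safe` is one way to neutralise the comment delimiters (an assumption for this example, not a copy of the Rails fix), and `statements_seen_by_db` is a deliberately tiny stand-in for the database parser so the difference is visible offline. The input `MALICIOUS_NOTE` is constructed.

```ruby
# Added example: how an unescaped comment terminator lets attacker-controlled
# text leave a SQL comment. Hand-rolled model of the pattern behind
# ActiveRecord's annotate, not Rails' own implementation.

# Vulnerable pattern (assumed shape of the pre-fix behaviour): the comment
# text is wrapped in /* */ without any escaping.
def annotate_unsafe(sql, comment)
  "#{sql} /* #{comment} */"
end

# Hardened variant: break every comment-closing "*/" (and the opening "/*",
# so no nested comment can be started) before wrapping. The replacement rule
# is an assumption for this example, not Rails' exact sanitiser.
def annotate_safe(sql, comment)
  sanitized = comment.to_s.gsub("*/", "* /").gsub("/*", "/ *")
  "#{sql} /* #{sanitized} */"
end

# Minimal stand-in for the database parser: strip /* */ comments, then split
# on ';'. It ignores string literals and exists only to show the effect.
def statements_seen_by_db(sql)
  without_comments = sql.gsub(%r{/\*.*?\*/}m, "")
  without_comments.split(";").map(&:strip).reject(&:empty?)
end

# Constructed attacker input, e.g. what a params[:note] value might carry.
MALICIOUS_NOTE = "audit */; DROP TABLE users; /*"

BASE = "SELECT * FROM posts"

if __FILE__ == $0
  puts annotate_unsafe(BASE, MALICIOUS_NOTE)
  p statements_seen_by_db(annotate_unsafe(BASE, MALICIOUS_NOTE))
  # => ["SELECT * FROM posts", "DROP TABLE users"]
  puts annotate_safe(BASE, MALICIOUS_NOTE)
  p statements_seen_by_db(annotate_safe(BASE, MALICIOUS_NOTE))
  # => ["SELECT * FROM posts"]
end
```

Run it with `ruby annotate_demo.rb`. The unsafe variant yields two statements once the comments are stripped; the hardened variant keeps the whole attacker string inside a single comment. The practical lesson is the same as the advisory's: never pass request data into a query comment on an unpatched Rails, and after upgrading still treat `annotate` arguments as code, not as free text.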

The second vulnerability (CVE-2023-22797) can be exploited for an open redirect to an attacker-chosen site when unvalidated external data is passed to the redirect_to handler. The remaining 4 vulnerabilities lead to denial of service through excessive load on the system, mainly because external data is processed by inefficient, time-consuming regular expressions (ReDoS).
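As an added example (not Rails' own fix and not from the original page), here is a caller-side allow-list for a user-supplied "return to" value before it reaches `redirect_to`. It assumes the application only ever wants same-origin paths and rejects everything else, including the protocol-relative `//host` and backslash forms that naive "starts with a slash" checks let through. The function names and the sample inputs are assumptions for this example.

```ruby
require "uri"

# Added example: decide whether a user-supplied redirect target is a plain
# same-origin path. This is the application's own check in front of
# redirect_to, not the framework patch described in the advisory.
def local_redirect_path?(target)
  return false if target.nil? || target.empty?
  # Must be a path, never an absolute URL.
  return false unless target.start_with?("/")
  # "//evil.example" is protocol-relative and resolves to another host.
  return false if target.start_with?("//")
  # Some browsers normalise "\" to "/", turning "/\evil.example" into "//evil.example".
  return false if target.include?("\\")
  # Control characters and whitespace can hide a scheme or host from lax parsers.
  return false if target.match?(/[\x00-\x20]/)
  uri = URI.parse(target)
  uri.scheme.nil? && uri.host.nil? && uri.userinfo.nil?
rescue URI::InvalidURIError
  false
end

# Pick the value to hand to redirect_to: the request parameter if it passes
# the check, otherwise a fixed fallback under the application's control.
def redirect_target(param, fallback = "/")
  local_redirect_path?(param) ? param : fallback
end

if __FILE__ == $0
  # Constructed sample inputs, as a "return_to" parameter might carry them.
  ["/account", "/dashboard?tab=1", "//evil.example/", "https://evil.example/",
   "/\\evil.example", "/%2F%2Fevil.example"].each do |candidate|
    puts "#{candidate.inspect} -> #{redirect_target(candidate, '/')}"
  end
end
```

In a controller this becomes `redirect_to redirect_target(params[:return_to], root_path)`. The check is deliberately strict: a single leading slash followed by anything that parses as a host, userinfo or scheme is refused rather than repaired. Note that `/%2F%2Fevil.example` is accepted because the percent-encoded slashes stay encoded in the `Location` header and are treated as a path segment; if your application decodes the value again before redirecting, decode first and then run the check.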

Source: opennet.ru
