Kugadzirisa kuburitswa kweRuby programming mutauro kwakagadzirwa , ΠΈ , iyo yakagadzirisa zvikanganiso zvina. Kusagadzikana kwakanyanya kwengozi (CVE-2019-16255) muraibhurari yakajairwa (lib/shell.rb), iyo kuita code substitution. Kana data rakagamuchirwa kubva kumushandisi rikagadziriswa mukupokana kwekutanga kweShell#[] kana Shell#test nzira dzinoshandiswa kutarisa kuvepo kwefaira, anorwisa anogona kuita kuti nzira yeRuby idaidzwe.
Mamwe matambudziko:
- -kuratidzwa kune yakavakirwa-mukati http server HTTP mhinduro yekuparadzanisa kurwisa (kana chirongwa chikaisa data isina kusimbiswa muHTTP mhinduro musoro, ipapo musoro unogona kupatsanurwa nekuisa mutsara mutsva);
- Kutsiviwa kwemavara asina maturo (\0) kune ayo akatariswa kuburikidza ne βFile.fnmatchβ uye βFile.fnmatch?β nzira. nzira dzefaira dzinogona kushandiswa kukonzeresa nhema cheki;
- -kuramba sevhisi muDiges yekusimbisa module yeWEBrick.
Source: opennet.ru