Ruby 3.0.1 update released with vulnerability fixes

Corrective releases of the Ruby programming language, 3.0.1, 2.7.3, 2.6.7 and 2.5.9, have been published, fixing two vulnerabilities:

  • CVE-2021-28965 is a vulnerability in the built-in REXML module which, when parsing and serializing a specially crafted XML document, can lead to the creation of an incorrect XML document whose structure does not match the original. The severity of the vulnerability depends heavily on the context, but attacks against some applications that use REXML cannot be ruled out.
  • CVE-2021-28966 is a Windows-specific vulnerability that allows an arbitrary directory or file to be created in parts of the file system writable by the user, with the rights of the Ruby process. The problem is caused by incorrect handling of the prefix argument in the Dir.mktmpdir method, which does not filter out traversal sequences such as "..\\". For an attack to work, the application must use external data when forming the prefix value.
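
For applications that build the Dir.mktmpdir prefix from external data, the following added example (not code from the article or from the Ruby project) shows a defence-in-depth wrapper to use alongside the upgrade. The names `sanitized_prefix`, `safe_mktmpdir` and `UnsafePrefixError` are hypothetical helpers, not part of Ruby's API.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical error type for this example.
class UnsafePrefixError < ArgumentError; end

# Accept the prefix only if it is a single path component.
# Both separator styles are rejected on every platform, so code tested on
# Linux behaves the same when deployed on Windows. ":" covers drive letters
# and NTFS alternate data streams; NUL is never valid in a file name.
def sanitized_prefix(raw)
  s = raw.to_s
  if s.empty? || s.match?(%r{[/\\:\x00]})
    raise UnsafePrefixError, "prefix must be a single path component: #{s.inspect}"
  end
  s
end

# Create a temp directory from an untrusted prefix, then verify that the
# result is a direct child of the intended base directory.
def safe_mktmpdir(raw_prefix, base = Dir.tmpdir)
  prefix = sanitized_prefix(raw_prefix)
  dir = Dir.mktmpdir(prefix, base)

  # Second check after creation: compare resolved paths so symlinked
  # temp roots do not cause false alarms.
  real_base = File.realpath(base)
  unless File.dirname(File.realpath(dir)) == real_base
    Dir.rmdir(dir)
    raise UnsafePrefixError, "temporary directory escaped #{real_base}"
  end

  return dir unless block_given?

  begin
    yield dir
  ensure
    # Mirror Dir.mktmpdir's block form: clean up when the block finishes.
    FileUtils.remove_entry(dir) if File.directory?(dir)
  end
end
```

Rejecting the input, rather than silently stripping the separators, leaves a clear signal in application logs that a request carried a traversal sequence.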

Source: opennet.ru
