Ruby 2.6.5, 2.5.7 and 2.4.8 updates with vulnerabilities fixed

Corrective releases of the Ruby programming language, 2.6.5, 2.5.7 and 2.4.8, have been published, fixing four vulnerabilities. The most dangerous vulnerability (CVE-2019-16255) is in the standard Shell library (lib/shell.rb) and allows code injection. If data received from the user is processed in the first argument of Shell#[] or of the Shell#test methods used to check for the existence of a file, an attacker can cause an arbitrary Ruby method to be called.

Other issues:

  • CVE-2019-16254 - the built-in WEBrick HTTP server is susceptible to an HTTP response splitting attack (if an application inserts unverified data into an HTTP response header, the header can be split by inserting newline characters);
  • CVE-2019-15845 - substituting a null character (\0) into file paths checked by the "File.fnmatch" and "File.fnmatch?" methods can be used to falsely trigger the check;
  • CVE-2019-16201 - denial of service in WEBrick's Digest authentication module.
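For applications that cannot upgrade immediately, the three input-driven issues above can be blocked at the application boundary. The following is an added example, not code from Ruby or from the original article; the `InputGuards` module, its method names and the allowlist of test commands are assumptions chosen for illustration.

```ruby
# Added example: validate untrusted input before it reaches the APIs named above.
module InputGuards
  class Rejected < ArgumentError; end

  # Assumption: this application only needs these file-test commands.
  ALLOWED_TEST_COMMANDS = %w[e f d r].freeze

  # CVE-2019-16255: the first argument of Shell#[] / Shell#test must never be
  # caller-controlled; accept only an allowlisted one-letter test command.
  def self.test_command(cmd)
    cmd = cmd.to_s
    unless ALLOWED_TEST_COMMANDS.include?(cmd)
      raise Rejected, "test command not allowed: #{cmd.inspect}"
    end
    cmd
  end

  # CVE-2019-16254: newline characters in a header value can split the header.
  def self.header_value(value)
    value = value.to_s
    if ["\r", "\n", "\0"].any? { |c| value.include?(c) }
      raise Rejected, "control character in header value"
    end
    value
  end

  # CVE-2019-15845: refuse NUL bytes before the pattern match is attempted.
  def self.fnmatch?(pattern, path, flags = 0)
    [pattern, path].each do |s|
      raise Rejected, "NUL byte in #{s.inspect}" if s.to_s.include?("\0")
    end
    File.fnmatch?(pattern, path, flags)
  end

  # Helper: true when the block was refused by one of the guards.
  def self.rejected?
    yield
    false
  rescue Rejected
    true
  end
end

# Constructed sample inputs, run only when the file is executed directly.
if __FILE__ == $PROGRAM_NAME
  p InputGuards.rejected? { InputGuards.test_command("system") }
  p InputGuards.rejected? { InputGuards.header_value("en\r\nX-Injected: 1") }
  p InputGuards.rejected? { InputGuards.fnmatch?("*.txt", "secret.rb\0.txt") }
  p InputGuards.fnmatch?("*.txt", "notes.txt")
end
```

These guards cover only the input-driven issues; the denial of service in WEBrick's Digest authentication (CVE-2019-16201) is addressed by the fixed releases.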

Source: opennet.ru
