SQL injection vulnerability fixed in Ruby on Rails

Corrective releases 7.0.4.1, 6.1.7.1 and 6.0.6.1 of the Ruby on Rails framework have been published, fixing 6 vulnerabilities. The most dangerous one (CVE-2023-22794) can lead to the execution of attacker-specified SQL statements when external data is used in comments processed by ActiveRecord. The problem is caused by the missing escaping of special characters in the comment text before it is stored in the DBMS.

The second vulnerability (CVE-2023-22797) can be used to redirect users to other pages (open redirect) when unvalidated external data is passed to the redirect_to handler. The remaining 4 vulnerabilities lead to denial of service through excessive load on the system (mainly from processing external data with inefficient, long-running regular expressions).
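The open-redirect issue above comes down to passing a request parameter straight to redirect_to. The helper below is an added example (not code from Rails or from the advisory) showing the kind of validation a controller should apply first: the hypothetical safe_redirect_target accepts only same-site, path-only targets and falls back to a fixed default for anything carrying a scheme, host, or a protocol-relative or backslash form. It uses only Ruby's standard uri library, and the inputs in the comments are constructed for illustration.

```ruby
require "uri"

# Fallback used whenever the supplied target is missing or not trusted.
DEFAULT_PATH = "/".freeze

# Returns a path safe to hand to redirect_to, or `default` if the supplied
# value could send the user to another origin. Hypothetical helper; not part
# of Rails.
def safe_redirect_target(param, default: DEFAULT_PATH)
  return default if param.nil? || param.strip.empty?

  # Some browsers normalise "\" to "/", so "/\evil.example" would become
  # "//evil.example" (protocol-relative). Refuse backslashes outright.
  return default if param.include?("\\")

  begin
    uri = URI.parse(param)
  rescue URI::InvalidURIError
    return default
  end

  # "https://evil.example", "//evil.example", "javascript:..." and "mailto:..."
  # all parse with a scheme, host or userinfo set; none are same-site paths.
  return default if uri.scheme || uri.host || uri.userinfo

  path = uri.path.to_s
  # Require an absolute path on this site that is not protocol-relative.
  return default unless path.start_with?("/") && !path.start_with?("//")

  # Rebuild the target from the validated components only.
  target = path
  target += "?#{uri.query}" if uri.query
  target += "##{uri.fragment}" if uri.fragment
  target
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: the first is kept, the rest fall back to "/".
  ["/account?tab=1#top", "//evil.example/x", "https://evil.example/",
   "javascript:alert(1)", "/\\evil.example", "relative/path"].each do |candidate|
    puts "#{candidate.inspect} -> #{safe_redirect_target(candidate).inspect}"
  end
end
```

In a controller the call would be redirect_to safe_redirect_target(params[:return_to]); the point is that the raw parameter never reaches redirect_to. Rebuilding the target from parsed components rather than returning the original string ensures that whatever passes validation is exactly what is redirected to.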

Source: opennet.ru
