Ruby 3.0.1 update with vulnerabilities fixed

Corrective releases of the Ruby programming language, 3.0.1, 2.7.3, 2.6.7 and 2.5.9, have been published, in which two vulnerabilities are fixed:

  • CVE-2021-28965 is a vulnerability in the built-in REXML module: when parsing and serializing a specially crafted XML document, it can produce an incorrect XML document whose structure differs from the original. The severity of the vulnerability depends heavily on context, but attacks on some applications that use REXML cannot be ruled out.
  • CVE-2021-28966 is a Windows-specific vulnerability that allows a directory or file to be created in parts of the file system writable by the user with whose privileges the Ruby process runs. The problem is caused by incorrect handling of the prefix in the Dir.mktmpdir method, which does not exclude the substitution of constructs such as "..\\". To carry out an attack, the process must use external data when generating the prefix value.
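
For the Dir.mktmpdir issue above, one way an application can guard a prefix built from external data, shown as an added example that is not code from Ruby or from the original article. The helper names `validate_tmp_prefix` and `safe_mktmpdir`, the allow-list and the sample inputs are assumptions of this example; the allow-list is stricter than only excluding "..\\".

```ruby
require "tmpdir"

# Allow-list for prefixes built from external data (an assumption of this
# example): no "/", "\", ":" or ".", so "..\" sequences cannot appear.
SAFE_PREFIX = /\A[A-Za-z0-9_-]{1,32}\z/

# Hypothetical helper, not part of Ruby's API.
def validate_tmp_prefix(prefix)
  prefix = prefix.to_s
  unless prefix.match?(SAFE_PREFIX)
    raise ArgumentError, "unsafe tmpdir prefix: #{prefix.inspect}"
  end
  prefix
end

# Hypothetical wrapper: validate, create, then confirm containment.
def safe_mktmpdir(untrusted_prefix, base = Dir.tmpdir)
  path = Dir.mktmpdir(validate_tmp_prefix(untrusted_prefix), base)
  # Defence in depth: the new directory must be a direct child of base.
  unless File.dirname(File.realpath(path)) == File.realpath(base)
    Dir.rmdir(path)
    raise SecurityError, "temporary directory escaped #{base}"
  end
  path
end

def prefix_rejected?(prefix)
  validate_tmp_prefix(prefix)
  false
rescue ArgumentError
  true
end

# Constructed sample inputs, as they might arrive from a request parameter.
["upload-", "..\\..\\outside\\x", "../x", "C:evil", ""].each do |candidate|
  verdict = prefix_rejected?(candidate) ? "rejected" : "accepted"
  puts "#{candidate.inspect}: #{verdict}"
end
```

Upgrading to one of the fixed releases remains the actual remedy; the wrapper only limits what an application passes in.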

Source: opennet.ru
