SQL injection vulnerability fixed in Ruby on Rails

Corrective releases of the Ruby on Rails framework, versions 7.0.4.1, 6.1.7.1 and 6.0.6.1, have been published, fixing 6 vulnerabilities. The most dangerous one (CVE-2023-22794) can lead to the execution of attacker-specified SQL commands when external data is used in comments processed by ActiveRecord. The problem is caused by missing escaping of special characters in those comments before they are passed to the DBMS.
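The following is an added example, not Rails' own code or its actual patch: it shows why an unescaped query comment is dangerous and a minimal sanitizer that strips comment delimiters before the annotation reaches the DBMS. The function names (`annotate_unsafe`, `annotate_safe`, `sanitize_sql_comment`, `comment_intact?`) and the sample input are my own constructions.

```ruby
# Added example (not Rails' code). Demonstrates the class of bug behind
# CVE-2023-22794: an ORM appends a user-influenced annotation as a trailing
# SQL comment, and an unescaped "*/" inside it closes the comment early,
# so whatever follows is parsed as SQL.

# Vulnerable pattern: the comment body is interpolated verbatim.
def annotate_unsafe(sql, comment)
  "#{sql} /* #{comment} */"
end

# Hardened helper: remove every comment opener and closer from the value
# so nothing inside the annotation can terminate the /* ... */ block.
# (This is one simple approach; it is not the exact Rails implementation.)
def sanitize_sql_comment(value)
  value.to_s.gsub(%r{/\*|\*/}, "")
end

def annotate_safe(sql, comment)
  "#{sql} /* #{sanitize_sql_comment(comment)} */"
end

# Defensive check: the query must contain exactly one comment closer and
# it must be the trailing one, i.e. the annotation never broke out.
def comment_intact?(query)
  query.scan("*/").length == 1 && query.end_with?("*/")
end

if __FILE__ == $0
  # Constructed sample: a "request tag" carrying a comment terminator.
  tag = "req-42 */ SELECT 1 --"
  puts annotate_unsafe("SELECT * FROM users", tag)  # comment closes early
  puts annotate_safe("SELECT * FROM users", tag)    # stays one comment
end
```

The same `comment_intact?` check can be run over query logs to spot annotations that escaped their comment block.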

The second vulnerability (CVE-2023-22797) can be exploited to redirect users to other pages (open redirect) when unvalidated external data is passed to the redirect_to handler. The remaining 4 vulnerabilities lead to denial of service through excessive system load (mainly caused by processing external data with inefficient, time-consuming regular expressions).

Source: opennet.ru
