published corrective updates of the framework ruby on rains 7.0.4.1, 6.1.7.1 and 6.0.6.1 , in which 6 vulnerabilities are eliminated . The most dangerous vulnerability (CVE-2023-22794) can lead to the implementation of the set attack by the SQL command when using external data in the comments processed in Activerecord. The problem is caused by the lack of the necessary shielding of special systems in the comments before maintaining them in the DBMS.
The remaining 4 vulnerabilities lead to a refusal to maintain due to the creation of a high load on the sieve (mainly due to the processing of external data in ineffective and long-term regular expressions).
/Media reports cited above.