{ads}

Critical Gems Takeover Bug Reported in RubyGems Package Manager

Written By Monday, 9 May 2022 Add Comment



May 10, 2022 at 11:23AM

The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances. "Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems said in a security advisory

from The Hacker News https://ift.tt/JH3LZvm

0 Response to "Critical Gems Takeover Bug Reported in RubyGems Package Manager"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads