May 14, 2022

Critical Gems Takeover Bug Reported in RubyGems Package Manager

The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances.
“Due to a bug in the yank action, it was possible for any user to remove and replace certain gems even if that user was not authorized to do so,” RubyGems said in a security advisory.
