Critical Gems Takeover Bug Reported in RubyGems Package Manager
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances.
"Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems said in a security advisory.
https://thehackernews.com/2022/05/critical-gems-takeover-bug-reported-in.html