Critical Gems Takeover Bug Reported in RubyGems Package Manager,
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances.
“Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so,” RubyGems said in a security advisory
“Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so,” RubyGems said in a security advisory
,
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances.
“Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so,” RubyGems said in a security advisory
“Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so,” RubyGems said in a security advisory
, ,
https://thehackernews.com/2022/05/critical-gems-takeover-bug-reported-in.html