RubyGems supply chain rip-and-replace bug fixed – check your logs!

9 May 2022

Popular package management site RubyGems.org, which stores and supplies hundreds of thousands of modules for the widely-used programming language Ruby, just patched a dangerous server-side vulnerability. The bug, dubbed CVE-2022-29176, could have allowed attackers to remove a package that wasn’t theirs (yanking it, in RubyGems jargon), and then to replace it with modified version of their own.

Read full article on Naked Security

Date:

9 May 2022

Categorie(s):

NEWS

Tag(s):

IT, News, RubyGems, Security Pro, Vulnerability

ShrinkLocker Ransomware: What You Need To Know14 November 2024
Navigating the regulatory and compliance landscape of 202514 November 2024
Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future14 November 2024
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes14 November 2024
Semperis HIP conference Day One: Microsoft mea culpa, a call for cybersecurity coalitions14 November 2024