Tag: Ruby
-
CVE-2024-7254 (google-protobuf): protobuf-java has potential Denial of Service issue
Advisories: CVE-2024-7254 (NVD), GHSA-735f-pc8j-v9w8, Vendor Advisory. Gem: google-protobuf. Patched versions: ~> 3.25.5, ~> 4.27.5, >= 4.28.2 …
-
Execute commands by sending JSON? Learn how unsafe deserialization vulnerabilities work in Ruby projects
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe …
-
White House Recommends Memory-Safe Programming Languages and Security-by-Design
A new White House report focuses on securing computing at the root of cyber attacks — in this case, reducing the attack surface with …
-
Popular Ruby Asciidoc toolkit patched against critical vuln – get the update now!
If you’ve ever written technical documentation to use online, you probably started out by creating it directly in HTML (hypertext markup …
-
Ruby raises $7.3 million to give users granular access control over their data
Ruby announced the close of a $7.3 million round of funding with participation from venture capital funds Digital Strategies, DFG Group, …
-
Trove of RubyGems malware highlights software supply chain issues
Ruby developers beware: a would-be cryptocurrency thief is out to get at your digital wallet, and they’re using typosquatting code to do …
-
Clipboard hijacking malware found in 725 Ruby libraries
Security researchers from ReversingLabs say they’ve discovered 725 Ruby libraries uploaded on the official RubyGems repository that …
-
Backdoored Ruby gems stole credentials, injected cryptomining code
The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more …
-
A backdoor mechanism found in tens of Ruby libraries
Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. …
-
No REST for the wicked: Ruby gem hacked to siphon passwords, secrets from web devs
An old version of a Ruby software package called that was modified and released about a week ago has been removed from the Ruby Gems …
-
Backdoor code found in 11 Ruby libraries
Maintainers of the RubyGems package repository have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism …
-
Backdoor mechanism found in Ruby strong_password library
The developer Tute Costa found a backdoor in the Ruby library during regular security audits before deploying his code in the production …