RubyGems Patches Critical Gem Takeover Vulnerability

RubyGems has patched a serious flaw that allowed any user to uninstall and replace some Ruby gems. RubyGems is a package hosting and managing site for the Ruby programming language, with over 170,000 gems.

The recently patched vulnerability, known as CVE-2022-29176, affects the ‘yank’ action and may be leveraged by any user on RubyGems to remove gems from the repository. The pulled gems might then be replaced with malicious gems with the same name, version number, and platform as the originals.

The platform has encouraged all users to examine their programs for signs of potential tampering, even though it hasn’t found any indicators of malicious exploitation of this issue.
