RubyGems Patches Critical Gem Takeover Vulnerability

RubyGems has patched a serious flaw that allowed any RubyGems.org user to yank (remove) and then replace certain Ruby gems they did not own. RubyGems.org is the package hosting and management service for the Ruby programming language, and currently hosts over 170,000 gems.

The recently patched vulnerability, tracked as CVE-2022-29176, affects the ‘yank’ action, the operation a gem owner uses to withdraw a published version, and could be abused by any RubyGems.org user to remove certain gems from the repository without being authorized to do so. A yanked gem could then be replaced with a malicious gem carrying the same name, version number, and platform as the original, so a dependency pinned only by name and version would resolve to the attacker’s copy.

RubyGems.org has found no evidence that the flaw was exploited maliciously, but it has nonetheless urged all users to examine their applications for signs of tampering.
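The article does not say what such an examination looks like. The RubyGems.org advisory for this CVE suggests reviewing the history of your Gemfile.lock for gems whose platform changed while the version number stayed the same (for example, gemname-3.1.2 becoming gemname-3.1.2-java), since a replacement uploaded under the same name and version would most plausibly show up that way. The following Ruby script, an added example that is not code from the article or from the RubyGems project, automates that check over two lockfile snapshots. The lockfile excerpts, the gem name example-gem, and the helper names parse_gem_specs and platform_changes are all constructed for illustration; the lockfile line format it parses (four-space-indented `name (version-platform)` spec lines, with the version split from the platform at the first dash) matches what Bundler writes.

```ruby
require "set"

# Constructed Gemfile.lock excerpts for illustration (not taken from the article):
# OLD_LOCK is an earlier snapshot, NEW_LOCK a later one of the same file.
# In practice these would come from two git revisions, e.g.
#   git show HEAD~20:Gemfile.lock   and   cat Gemfile.lock
OLD_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-gem (3.1.2)
        rake (>= 12.0)
      nokogiri (1.13.4-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)
      rake (13.0.6)

  PLATFORMS
    x86_64-linux
LOCK

NEW_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-gem (3.1.2-java)
        rake (>= 12.0)
      nokogiri (1.13.4-x86_64-linux)
        racc (~> 1.4)
      racc (1.6.0)
      rake (13.0.6)

  PLATFORMS
    x86_64-linux
LOCK

# A spec line in the GEM section is indented exactly four spaces:
#   "    name (version)" or "    name (version-platform)".
# Dependency lines underneath a spec are indented six spaces and are skipped.
# As Bundler's own lockfile parser does, the version is everything up to the
# first dash; the remainder (if any) is the platform.
SPEC_LINE = /\A {4}(?<name>\S+) \((?<version>[^-)]*)(?:-(?<platform>[^)]+))?\)\z/

# Returns { gem_name => Set of [version, platform] } for the GEM section only
# (gems fetched from a gem server such as rubygems.org). A spec without an
# explicit platform is the generic "ruby" platform.
def parse_gem_specs(lock_text)
  specs = Hash.new { |h, k| h[k] = Set.new }
  section = nil
  lock_text.each_line(chomp: true) do |line|
    if line =~ /\A\S/            # unindented line: a new section header (GEM, PLATFORMS, ...)
      section = line.strip
      next
    end
    next unless section == "GEM"
    m = SPEC_LINE.match(line)
    next unless m
    specs[m[:name]] << [m[:version], m[:platform] || "ruby"]
  end
  specs
end

# Compares two lockfile snapshots and reports every gem whose version is
# present in both but whose set of platforms for that version changed.
# Each finding is { name:, version:, added: [...], removed: [...] }.
def platform_changes(old_text, new_text)
  old_specs = parse_gem_specs(old_text)
  new_specs = parse_gem_specs(new_text)
  findings = []
  (old_specs.keys & new_specs.keys).sort.each do |name|
    old_by_version = old_specs[name].group_by(&:first)
    new_by_version = new_specs[name].group_by(&:first)
    (old_by_version.keys & new_by_version.keys).each do |version|
      before = old_by_version[version].map(&:last).to_set
      after  = new_by_version[version].map(&:last).to_set
      next if before == after
      findings << { name: name, version: version,
                    added: (after - before).to_a.sort,
                    removed: (before - after).to_a.sort }
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  platform_changes(OLD_LOCK, NEW_LOCK).each do |f|
    puts "#{f[:name]} #{f[:version]}: platform(s) removed #{f[:removed].inspect}, " \
         "added #{f[:added].inspect} -- review this change"
  end
end
```

On the constructed input the script flags example-gem 3.1.2, whose generic "ruby" build was replaced by a "java" build without a version bump. A hit is a lead, not proof: `bundle lock --add-platform` legitimately adds a platform-specific entry for an existing version, so each finding should be checked against the commit that introduced it. Running Bundler in --frozen or --deployment mode in CI and on deploys, as the Bundler team already recommends, prevents an application from silently picking up such a swapped entry in the first place.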

Read More: https://www.securityweek.com/rubygems-fixes-critical-gem-takeover-vulnerability
