Multiple vulnerabilities in RubyGems

189 points by omarish over 7 years ago

6 comments

travjones over 7 years ago
>> "a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files"

Yeeks. Not good.

(sudo) gem update --system ASAP
trapperkeeper74 over 7 years ago
I have a mirror of all Rubygems from last month. Should I scan em for PoCs?
jzelinskie over 7 years ago
Is the work on adding TUF to RubyGems still happening? I can only find this stagnant PR: https://github.com/rubygems/rubygems/pull/719
kichik over 7 years ago
Is there a more detailed description of the vulnerabilities somewhere?
baron816 over 7 years ago
I'm sure this has been brought up before, but I think HN should have a special tab where submissions like this get pinned--important stories where people need to take action on stuff concerning security holes or political events (e.g. Net neutrality).
LunaSea over 7 years ago
Ruby, the gift that keeps on giving.