Multiple vulnerabilities in RubyGems

189 points by omarish, over 7 years ago

6 comments

travjones, over 7 years ago
>> "a vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files"

Yeeks. Not good.

(sudo) gem update --system ASAP
trapperkeeper74, over 7 years ago
I have a mirror of all Rubygems from last month. Should I scan em for PoCs?
jzelinskie, over 7 years ago
Is the work on adding TUF to RubyGems still happening? I can only find this stagnant PR: https://github.com/rubygems/rubygems/pull/719
kichik, over 7 years ago
Is there a more detailed description of the vulnerabilities somewhere?
baron816, over 7 years ago
I'm sure this has been brought up before, but I think HN should have a special tab where submissions like this get pinned--important stories where people need to take action on stuff concerning security holes or political events (e.g. Net neutrality).
LunaSea, over 7 years ago
Ruby, the gift that keeps on giving.