Unauthorized gem takeover for some gems · Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so.

This page summarizes the projects mentioned and recommended in the original post on /r/blueteamsec

Our great sponsors
  • PopRuby - Clothing and Accessories for Ruby Developers
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • RubyGems

    The Ruby community's gem hosting service.

  • PopRuby

    PopRuby: Clothing and Accessories for Ruby Developers. Fashion meets Ruby! Shop our fun Ruby-inspired apparel and accessories designed to celebrate the joy and diversity of the Ruby community.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts