Sha256: 0df4445faec9c01b05ea1ad19637ee7e56d8a4c723e4a4bc6d99a29ae93f58b4

Contents?: true

Size: 483 Bytes

Versions: 3

Compression:

Stored size: 483 Bytes

Contents

---
gem: active-support
cve: 2018-3779
url: https://hackerone.com/reports/392311
title: Malicious ruby gem - active-support
date: 2018-08-09

description: |
  The gem duplicates official `activesupport` (no hyphen) code, but adds a
  compiled extension. The extension attempts to resolve a base64 encoded
  domain, downloads a payload, and executes.

  Replace this gem with the official `activesupport` gem.

related:
  url:
    - https://github.com/rubygems/rubygems.org/pull/1762

Version data entries

3 entries across 3 versions & 2 rubygems

Version                  Path
bundler-audit-0.7.0.1    data/ruby-advisory-db/gems/active-support/CVE-2018-3779.yml
bundler-budit-0.6.2      data/ruby-advisory-db/gems/active-support/CVE-2018-3779.yml
bundler-budit-0.6.1      data/ruby-advisory-db/gems/active-support/CVE-2018-3779.yml