---
gem: active-support
cve: 2018-3779
url: https://hackerone.com/reports/392311
title: Malicious ruby gem - active-support
date: 2018-08-09

description: |
  The gem duplicates official `activesupport` (no hyphen) code, but adds a
  compiled extension. The extension attempts to resolve a base64 encoded
  domain, downloads a payload, and executes.

  Replace this gem with the official `activesupport` gem.

related:
  url:
    - https://github.com/rubygems/rubygems.org/pull/1762