Malicious code in a15745105-ichinokii (RubyGems)
Malicious code in a14z6ch-elapsed-days (RubyGems)
Malicious code in a-stupid_test_gem (RubyGems)
Malicious code in 3scale-client (RubyGems)
Malicious code in 37_pieces-of-flair (RubyGems)
Malicious code in puppet-module-posix-system-r3.2 (RubyGems)
Source: ossf-package-analysis 835ce606cd37fa823a80a445ab30dce0ec0005af3a78f9ed7a8d35d63db99474 The OpenSSF Package Analysis project identified 'puppet-module-posix-system-r3.2' @ 1.0.0 rubygems as malicious. It is considered malicious...
Malicious code in naveengem (RubyGems)
Source: ossf-package-analysis 12a3ed7380fdb815c2f8c5a086b33d516acc0bbdaab4d4df8203efed20ae348b The OpenSSF Package Analysis project identified 'naveengem' @ 0.1.0 rubygems as malicious. It is considered malicious because: - The package...
Malicious code in ptrsec_rce (RubyGems)
Source: ossf-package-analysis 5c5f0c378deb022411d3a83e2b929f8ef8f9ad8e8eedd366e0863b7eb25d8aea The OpenSSF Package Analysis project identified 'ptrsec_rce' @ 0.0.1 rubygems as malicious. It is considered malicious because: - The package...
rubygem-activesupport security vulnerability
rubygem-activesupport is an open-source RubyGems application. A security vulnerability exists in rubygem-activesupport. An attacker exploited the vulnerability to perform a regular expression denial of service attack...
GHSA-2V5C-755P-P4GV Missing TLS certificate verification in faye-websocket
The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...
Missing TLS certificate verification in faye-websocket
The Faye::WebSocket::Client class uses the EM::Connection#start_tls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a...
Malicious Package
Overview: alertyplugin-slack is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an _ and replaced it with - and vice versa. Remediation: Avoid using...
Malicious Package
Overview: barometer-weather-bug is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an _ and replaced it with - and vice versa. Remediation: Avoid using...
Malicious Package
Overview: assemblylineformatter is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an _ and replaced it with - and vice versa. Remediation: Avoid using...
The vulnerability of the RubyGems package management system lies in its improper verification of cryptographic signatures, allowing a hacker to execute arbitrary code.
The vulnerability of the RubyGems package management system is related to improper verification of the cryptographic signatures of packages. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Fedora 17 : rubygems-1.8.23-20.fc17 (2012-6132)
New version 1.8.23 is released. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.