4 matches found
CVE-2022-29218
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...
CVE-2022-29218 Unauthorized takeover for new versions of some platform-specific gems
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...
CVE-2022-29218 Unauthorized takeover for new versions of some platform-specific gems
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems with platforms ending in numbers, like arm64-darwin-21 to be temporarily replaced in the CDN cache by a malicious package. The bug has...
CVE-2022-29218
CVE-2022-29218 affects RubyGems, the Ruby package registry. An ordering mistake in the gem-upload code allowed some gems (platforms ending with numbers, e.g., arm64-darwin-21) to be temporarily replaced in the CDN cache by a malicious package. The issue has been patched, and a broad review of log...