13 matches found
Malicious code in freshworks-ruby (RubyGems)
OPENSUSE-SU-2026:10362-1 ruby4.0-rubygem-railties-8.0-8.0.3-1.3 on GA media
These are all security issues fixed in the ruby4.0-rubygem-railties-8.0-8.0.3-1.3 package on the GA media of openSUSE Tumbleweed...
MAL-2025-192906 Malicious code in haybales (RubyGems)
Malicious code in comic-vine (RubyGems)
Malicious code in bosh_plugin-pipeline (RubyGems)
Malicious code in activerecord_duplicate (RubyGems)
Malicious code in active-hash-like (RubyGems)
Malicious code in active-admin_theme (RubyGems)
Malicious code in a15z7kn-niitsuma_2016_gem (RubyGems)
Malicious code in a1439ty-bmiV3 (RubyGems)
Man-in-the-Middle (MitM)
Overview: slyphon-log4j is a log4j jar file packaged in a gem. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) attacks due to improper validation of a certificate with a host mismatch in the Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attac...
Malicious Package
Overview: airbrake-notifyingthreads is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run malicious 3rd-party scripts. It replaced genuine packages using an and replaced it with - and vice versa. Remediation: Avoid using...
RubyGems: Installing a crafted gem package may create or overwrite files
There is no check on the name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file outside the gem's directory, or even replace an existing file with a malicious one. Proof of Concept 1: Create a fil...