all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical Gems Takeover Bug Reported in RubyGems Package Manager

Add to bookmarks
May 11, 2022, 2:45 a.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances.
"Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so," RubyGems said in a security advisory

bug critical gems manager package package manager rubygems takeover

Visit resource

More from thehackernews.com / The Hacker News

The Fundamentals of Cloud Security Stress Testing 3 hours ago | thehackernews.com
assets attackers cloud cloud security +17
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version 3 hours ago | thehackernews.com
aim analysis anti-analysis bypass +19
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites 7 hours ago | thehackernews.com
accounts actively exploited admin bogus +25
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator 22 hours ago | thehackernews.com
addition administrator agency crime +17
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data 1 day ago | thehackernews.com
academia access activists apt42 +32
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion 1 day, 1 hour ago | thehackernews.com
attack back china china-linked hackers +16
New Case Study: The Malicious Comment 1 day, 3 hours ago | thehackernews.com
case code comments discover +12
Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever) 1 day, 4 hours ago | thehackernews.com
2fa 2-step verification 2sv accounts +18
Russian Operator of BTC-e Crypto Exchange Pleads Guilty to Money Laundering 1 day, 4 hours ago | thehackernews.com
alexander vinnik august btc btc-e +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

XDR Detection Engineer

@ SentinelOne | Italy
View on infosec-jobs.com

Security Engineer L2

@ NTT DATA | A Coruña, Spain
View on infosec-jobs.com

Cyber Security Assurance Manager

@ Babcock | Portsmouth, GB, PO6 3EN
View on infosec-jobs.com

Senior Threat Intelligence Researcher

@ CloudSEK | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cybersecurity Analyst 1

@ Spry Methods | Washington, DC (Hybrid)
View on infosec-jobs.com

Security Infrastructure DevOps Engineering Manager

@ Apple | Austin, Texas, United States
View on infosec-jobs.com
View more jobs