The new RubyGems 2.7.6 release addresses several vulnerabilities in Ruby Gems and implements several security improvements.
The updates prevent path traversal when writing to a symlinked basedir outside of the root and during gem installation.
The updates also address a cross-site scripting (XSS) vulnerability in the homepage attribute when displayed via gem server and an Unsafe Object Deserialization issue in gem owner.
The new RubyGems release raises a security error when there are duplicate files in a package and enforce URL validation on spec homepage attribute.
To update to the latest RubyGems you can run:
gem update --system
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – RubyGems, security)
[adrotate banner=”5″]
[adrotate banner=”13″]
Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…
Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…
Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…
Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…
The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…
This website uses cookies.