[CVE-2019-15224] Version 1.6.13 published with malicious backdoor.

On August 14, attackers published a series of rest-client versions from 1.6.10 to 1.6.13 using the credentials of a rest-client maintainer whose RubyGems.org account was compromised. The affected versions were downloaded a small number of times (~1000).On August 19, @juskoljo observed the malicious gem version and created this issue. Later that day, the RubyGems security team yanked the offending gem version and locked the affected maintainer'saccount. Several other gems were similarly affected.https://github.com/rubygems/rubygems.org/wiki/Gems-yanked-and-accounts-locked.
[CVE-2019-15224] Version 1.6.13 published with malicious backdoor. #ruby #rails #rubyonrails #bosnia #programming #tutorials #rubydeveloper #railsdeveloper

Nezir Zahirovic

Freelance software developer Ruby On Rails (6 years) / MCPD .Net / C# / Asp.Net / CSS / SQL / (11 years)

related articles