Please take a moment to review this excellent analysis of the recent vulnerability, CVE-2022-29176.

The document written by Maciej Mensfeld will give you a better understanding of what happened and a very accurate conclusion about the impact on the whole Ruby library ecosystem.

Maciej has been working for years on securing the full supply chain around rubygems, and now has the support of White Source for even better infrastructure.

We were still learning about the security issue in rubygems when yet another vulnerability was discovered: CVE-2022-29218.

This time Maciej also got another excellent piece of impact analysis out:

But big Mensfeld didn't stop there; he actually created a tool (a gem in every sense of the word) to help you figure out whether your bundle was compromised:

Please boost this toot for visibility.

A Mastodon instance for Rubyists & friends