Please take a moment to review this excellent analysis of the recent vulnerability found on rubygems.org: CVE-2022-29176
The document, written by Maciej Mensfeld, will give you a better understanding of what happened and a very accurate conclusion about the impact on the whole Ruby library ecosystem.
Maciej has been working for years on securing the full supply chain around rubygems and now has the support of White Source to build even better infrastructure.
We were still learning about the security issue in rubygems when yet another vulnerability was discovered: CVE-2022-29218
This time Maciej also produced another excellent piece of impact analysis:
But big Mensfeld didn't stop there: he actually created a tool (a gem in the full sense of the word) to help you figure out whether your bundle was compromised:
Please boost this toot for visibility.