Please take a moment to review this excellent analysis related to the recent vulnerability found on rubygems.org: CVE-2022-29176

The document written by Maciej Mensfeld will give you a better understanding of what happened and a very accurate conclusion about the impact on the whole Ruby library ecosystem.

Maciej has been working for years securing the full supply chain related to rubygems and now has the support of White Source to have even better infrastructure.

whitesourcesoftware.com/resour


We were still learning about the security issue for rubygems when yet another vulnerability was discovered: CVE-2022-29218

github.com/rubygems/rubygems.o

This time Maciej also got another excellent piece of impact analysis:

whitesourcesoftware.com/resour

But big Mensfeld didn't stop there; he actually created a tool (a gem in the whole extent of the word) to help you figure out if your bundle was compromised:

rubygems.org/gems/bundler-inte

Please boost this toot for visibility.

Ruby.social