Help gem authors mitigate unauthorized gem uploads

Eliot Sykes

Apr 4, 2019, 5:53:30 PM
to rubygems.org
Hi,

Relating to the malicious version of the bootstrap-sass gem that was uploaded to rubygems, what can gem authors do to mitigate and detect this kind of attack in the future?

https://snyk.io/blog/malicious-remote-code-execution-backdoor-discovered-in-the-popular-bootstrap-sass-ruby-gem/

Many thanks,

Eliot