27 Jun '12, 3pm

rubygems-pwn: A Vulnerability in RubyGems (currently being fixed) : RubyFlow:

Posted by PeterCooper on August 26, 2011 — 6 comments

If you've seen people saying to run gem install rubygems-pwn on Twitter (which I don't advise!), it's because it's a proof of concept for a vulnerability in RubyGems. The rubygems-pwn project on GitHub has more information about it, but essentially you can push arbitrary Ruby code into gemspec parameters which will then be executed later on. The vulnerability has been discussed in the rubygems repo where a fix has already been made but, hopefully, more general fixes should be made available soon. (If you want to see the direct example of a malicious gemspec, look here.)

Update: RubyGems 1.8.10 has been released to address this vulnerability.

Full article: http://www.rubyflow.com/items/6419-rubygems-pwn-a-vulnera...
