Categories: None [Edit]

rubygems-pwn

https://rubygems.org/gems/rubygems-pwn
https://github.com/sophsec/rubygems-pwn
A Proof of Concept (PoC) exploit for an trivial Security vulnerability in how RubyGems converts YAML-dumped gemspecs, back into Ruby code, when installing RubyGems. This ties into the larger design mistake, of storing installed gemspecs as Ruby code; since evaling Ruby code was faster than loading YAML gemspecs. When handling data, it is safer to store it in a static format (YAML, XML, CSV), instead of executable code.

Total

Ranking: - of 180,507
Downloads: -

Daily

Ranking: - of 180,487
Downloads: -

Downloads Trends

Ranking Trends

Num of Versions Trends

Popular Versions (Major)

Popular Versions (Major.Minor)

Depended by

RankDownloadsName

Depends on

RankDownloadsName

Owners

#GravatarHandle
1iconpostmodern