Описание
active-support impersonates 'activesupport' gem
The active-support ruby gem gem is malware and duplicates the official activesupport (no hyphen) gem, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain (29faea63.planfhntage.de), downloads a payload, and executes.
This trojan horse gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. No version of this gem should be considered safe.
Пакеты
active-support
Отсутствует
Связанные уязвимости
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
Уязвимость пакета active-support gem для языка программирования Ruby, позволяющая нарушителю выполнить произвольный код