RubyGems Gem Installation Arbitrary Code Execution Vulnerability – CVE-2019-8324 (Apr 2019)

Preface: In general, Ruby is a good language for game development. Apart from that, Ruby has been used by companies like Twitter, Airbnb, Shopify, GitHub, SlideShare and Basecamp.

Synopsis: RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries (in a self-contained format called a “gem”).

Vulnerability details: CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution. For more details, please refer to the attached diagram.

Remedy: RubyGems has released software updates at the following link: https://rubygems.org/pages/download

One thought on “RubyGems Gem Installation Arbitrary Code Execution Vulnerability – CVE-2019-8324 (Apr 2019)”

  1. Hey There. I found your blog using msn. This is a very well written article. I’ll make sure to bookmark it and come back to read more of your useful information. Thanks for the post. I will certainly come back.
