RubyGems Gem Installation Arbitrary Code Execution Vulnerability – CVE-2019-8324 (Apr 2019)

Preface: In general, Ruby is a good language for game development. Apart from that Ruby has been used by companies like Twitter, Airbnb, Shopify, Github, Slideshare, Basecamp and Shopify.

Synopsis: RubyGems is a package manager for the Ruby programming language that provides a standard format for distributing Ruby programs and libraries (in a self-contained format called a “gem”).

Vulnerability details: CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution. For more details, please refer to attached diagram.

Remedy: RubyGems has released software updates at the following link: https://rubygems.org/pages/download

4 thoughts on “RubyGems Gem Installation Arbitrary Code Execution Vulnerability – CVE-2019-8324 (Apr 2019)”

  1. Hey There. I found your blog using msn. This is a very well written article. I’ll make sure to bookmark it and come back to read more of your useful information. Thanks for the post. I will certainly comeback.|

  2. You’re so cool! I do not think I’ve read through something like this before. So great to discover someone with original thoughts on this subject. Really.. thanks for starting this up. This site is one thing that’s needed on the web, someone with a bit of originality!|

  3. Hello, the whole thing is going nicely here and ofcourse every one is sharing data, that’s in fact excellent, keep up writing.|

  4. Thank you for some other magnificent article. Where else could anybody get that kind of info in such an ideal method of writing? I have a presentation subsequent week, and I am on the search for such info.|

Comments are closed.