Backdoors in multiple gems for Ruby

Published: 2020-04-22

Risk	Critical
Patch available	NO
Number of vulnerabilities	1
CVE-ID	N/A
CWE-ID	CWE-506
Exploitation vector	Network
Public exploit	Vulnerability #1 is being exploited in the wild.
Vulnerable software	atlas-client Web applications / Modules and components for CMS appium-lib Web applications / Modules and components for CMS action-mailer_cache_delivery Web applications / Modules and components for CMS activemodel_validators Web applications / Modules and components for CMS asciidoctor_bibliography Web applications / Modules and components for CMS assets-pipeline Web applications / Modules and components for CMS apress_validators Web applications / Modules and components for CMS ar_octopus-replication-tracking Web applications / Modules and components for CMS aliyun-open_search Web applications / Modules and components for CMS aliyun-mns Web applications / Modules and components for CMS ab_split Web applications / Modules and components for CMS apns-polite Web applications / Modules and components for CMS alephant_publisher Web applications / Modules and components for CMS alephant_publisher-queue Web applications / Modules and components for CMS alephant_publisher-request Web applications / Modules and components for CMS abbyy_ruby Web applications / Modules and components for CMS accredible_api-ruby Web applications / Modules and components for CMS accredible_ruby Web applications / Modules and components for CMS adequate-serializer Web applications / Modules and components for CMS algolia-places Web applications / Modules and components for CMS ali-dayu Web applications / Modules and components for CMS alias-helper Web applications / Modules and components for CMS alidns_ruby Web applications / Modules and components for CMS access-lint Web applications / Modules and components for CMS aligned-table Web applications / Modules and components for CMS alipay-dualfun Web applications / Modules and components for CMS accesslint_ci Web applications / Modules and components for CMS ach-client Web applications / Modules and components for CMS acme_cli Web applications / Modules and components for CMS ardm_validations Web applications / Modules and components for CMS alipay-escrow Web applications / Modules and components for CMS action-links Web applications / Modules and components for CMS banner-jobsub Web applications / Modules and components for CMS actionmailer-inline_css Web applications / Modules and components for CMS actionview-link-to_blank Web applications / Modules and components for CMS actionview-link-to_block Web applications / Modules and components for CMS adapter_sqlite3 Web applications / Modules and components for CMS active_profiling Web applications / Modules and components for CMS active-subset-validator Web applications / Modules and components for CMS active-admin-duplicatable Web applications / Modules and components for CMS aliyun_odps Web applications / Modules and components for CMS aliyun_push Web applications / Modules and components for CMS aliyun_sdk-core Web applications / Modules and components for CMS active-comparison_validator Web applications / Modules and components for CMS active-delivery Web applications / Modules and components for CMS active-hash-like Web applications / Modules and components for CMS active-link_to Web applications / Modules and components for CMS active-merchant_mollie Web applications / Modules and components for CMS aliyun-live Web applications / Modules and components for CMS backbone_subroute-rails Web applications / Modules and components for CMS agnostic_duplicate Web applications / Modules and components for CMS active-model_serializers-hash_wrapper Web applications / Modules and components for CMS active-model_serializers-jsonapi_embedded_records_deserializer Web applications / Modules and components for CMS acts-as_splittable Web applications / Modules and components for CMS active-model_serializers_binary Web applications / Modules and components for CMS active-model_serializers_cancancan Web applications / Modules and components for CMS allscripts-unity_client Web applications / Modules and components for CMS acts-as_publishable Web applications / Modules and components for CMS active-model_serializers_validator Web applications / Modules and components for CMS amplitude_api Web applications / Modules and components for CMS active-model_validates_intersection_of Web applications / Modules and components for CMS active-model_validators_ex Web applications / Modules and components for CMS active-public_resources Web applications / Modules and components for CMS active-publisher Web applications / Modules and components for CMS active-record_fix_integer_limit Web applications / Modules and components for CMS active-record_inline_schema Web applications / Modules and components for CMS active-record_lite Web applications / Modules and components for CMS active-record_serialize_json Web applications / Modules and components for CMS android_command-line-tools Web applications / Modules and components for CMS active-replicas Web applications / Modules and components for CMS android-lint_translate_checkstyle_format Web applications / Modules and components for CMS active-scaffold_config_list_vho Web applications / Modules and components for CMS active-serializer Web applications / Modules and components for CMS active-support_alias_class_method Web applications / Modules and components for CMS acts-as_list_with_sti_support Web applications / Modules and components for CMS acts-as_liked Web applications / Modules and components for CMS acts-as_likeable Web applications / Modules and components for CMS activeadmin_mongoid-localize Web applications / Modules and components for CMS activeadmin-globalize_inputs Web applications / Modules and components for CMS apache-sling_api_client Web applications / Modules and components for CMS auto-localize Web applications / Modules and components for CMS auto-flick Web applications / Modules and components for CMS auto-click Web applications / Modules and components for CMS api-client_builder Web applications / Modules and components for CMS activemerchant_clickandbuy Web applications / Modules and components for CMS activemerchant_payline Web applications / Modules and components for CMS api-geo_client Web applications / Modules and components for CMS activerecord-json_validator Web applications / Modules and components for CMS aker-cas-cli Web applications / Modules and components for CMS attr-validator Web applications / Modules and components for CMS age-validator Web applications / Modules and components for CMS activerecord-globalize Web applications / Modules and components for CMS agave_client Web applications / Modules and components for CMS apple_news-client Web applications / Modules and components for CMS apple-class_client Web applications / Modules and components for CMS apple-dep_client Web applications / Modules and components for CMS application-digester Web applications / Modules and components for CMS ae-validates-timeliness Web applications / Modules and components for CMS application-insights Web applications / Modules and components for CMS application-seeds Web applications / Modules and components for CMS active-subset_validator Web applications / Modules and components for CMS aptible_cli Web applications / Modules and components for CMS asset-pipeline_i18n Web applications / Modules and components for CMS aptly-cli Web applications / Modules and components for CMS adyen_ruby-api-library Web applications / Modules and components for CMS asset-host_client Web applications / Modules and components for CMS advisors-command_client Web applications / Modules and components for CMS activerecord-database-validations Web applications / Modules and components for CMS activerecord_databasevalidations Web applications / Modules and components for CMS ar_serialize-helpers Web applications / Modules and components for CMS activerecord_duplicate Web applications / Modules and components for CMS aspose-slides_cloud Web applications / Modules and components for CMS asciidoctor_pdf-linewrap-ja Web applications / Modules and components for CMS address-validate Web applications / Modules and components for CMS arabic-normalizer Web applications / Modules and components for CMS archivist_client Web applications / Modules and components for CMS array-xml-serialization Web applications / Modules and components for CMS argentinian_validations Web applications / Modules and components for CMS ardm_serializer Web applications / Modules and components for CMS acme_client Web applications / Modules and components for CMS activerecord_denormalize Web applications / Modules and components for CMS arethusa_cli Web applications / Modules and components for CMS ardm_sqlite-adapter Web applications / Modules and components for CMS arethusa_client Web applications / Modules and components for CMS artoo_crazyflie Web applications / Modules and components for CMS action-cable_subscription_adapter Web applications / Modules and components for CMS action-pubsub Web applications / Modules and components for CMS action-subscriber Web applications / Modules and components for CMS acts-as_subscribable Web applications / Modules and components for CMS after-the_deadline Web applications / Modules and components for CMS ajax-submit_rails Web applications / Modules and components for CMS assembly_client Web applications / Modules and components for CMS assemblyline_ruby Web applications / Modules and components for CMS array_subindex Web applications / Modules and components for CMS asset-symlink Web applications / Modules and components for CMS aws-sns_subscription Web applications / Modules and components for CMS approval_ratings-cli-app Web applications / Modules and components for CMS campaign-monitor_subscriber Web applications / Modules and components for CMS activerecord_like Web applications / Modules and components for CMS applicious-utils Web applications / Modules and components for CMS assets-live_compile Web applications / Modules and components for CMS activerecord-msgpack-serializer Web applications / Modules and components for CMS abbyy_cloud Web applications / Modules and components for CMS abn-validator Web applications / Modules and components for CMS alias-class Web applications / Modules and components for CMS applicaster_logger Web applications / Modules and components for CMS applicant-tracking_api Web applications / Modules and components for CMS acception_client Web applications / Modules and components for CMS aliyun_mqs Web applications / Modules and components for CMS active_model-email-validator Web applications / Modules and components for CMS active-admin_filters_visibility Web applications / Modules and components for CMS active-application Web applications / Modules and components for CMS active-model_serializer_plus Web applications / Modules and components for CMS activerecord-rescue-from_duplicate Web applications / Modules and components for CMS active-model_serializers-matchers Web applications / Modules and components for CMS address-validator Web applications / Modules and components for CMS attribute-normalizer-extras Web applications / Modules and components for CMS audiobank_client Web applications / Modules and components for CMS allq-client Web applications / Modules and components for CMS active-model_serializers_matchers Web applications / Modules and components for CMS amazon_kinesis-client-ruby Web applications / Modules and components for CMS activerecord-strict_validations Web applications / Modules and components for CMS acts-as_commentable_with_replies Web applications / Modules and components for CMS acts-as_journalized Web applications / Modules and components for CMS amplifypay-ruby Web applications / Modules and components for CMS active-model_type_validator Web applications / Modules and components for CMS auto-scaling_methods Web applications / Modules and components for CMS apache-felix_webconsole_client Web applications / Modules and components for CMS apache-felix_api_client Web applications / Modules and components for CMS active-replica Web applications / Modules and components for CMS active-validator Web applications / Modules and components for CMS active-rest_client Web applications / Modules and components for CMS active-validation Web applications / Modules and components for CMS ansible-tower_client Web applications / Modules and components for CMS angular-form_validation Web applications / Modules and components for CMS angular_turbolinks Web applications / Modules and components for CMS android-string_resources_validator Web applications / Modules and components for CMS access-policy Web applications / Modules and components for CMS any_validate Web applications / Modules and components for CMS acts-as_multilingual Web applications / Modules and components for CMS ActiveAdmin_Globalize3-inputs Web applications / Modules and components for CMS authenticator_client Web applications / Modules and components for CMS activemerchant-banklink Web applications / Modules and components for CMS apiotics-aws_client Web applications / Modules and components for CMS ama-validators Web applications / Modules and components for CMS active-model_serializers_pg Web applications / Modules and components for CMS apiotics-aws_iot_client Web applications / Modules and components for CMS apitool_client Web applications / Modules and components for CMS acts-as_read_only_i18n_localised Web applications / Modules and components for CMS activerecord-safe-initialize Web applications / Modules and components for CMS aliyun-ruby_api Web applications / Modules and components for CMS appfigures-client Web applications / Modules and components for CMS active-model_policy Web applications / Modules and components for CMS active-model-permalink Web applications / Modules and components for CMS aliyun_slb Web applications / Modules and components for CMS appium-doc_lint Web applications / Modules and components for CMS aliyun_rds Web applications / Modules and components for CMS active-admin_globalize3_locale_selector Web applications / Modules and components for CMS activemodel-behavior-validator Web applications / Modules and components for CMS at_validations Web applications / Modules and components for CMS astroboa_cli Web applications / Modules and components for CMS aliyun_mq-sdk Web applications / Modules and components for CMS alive-state Web applications / Modules and components for CMS aliseeks-api Web applications / Modules and components for CMS alipay-global Web applications / Modules and components for CMS act-as_serializable Web applications / Modules and components for CMS access-policy_rails Web applications / Modules and components for CMS acts-as_localized Web applications / Modules and components for CMS accepts-nested_serialized_attributes Web applications / Modules and components for CMS alidayu-api Web applications / Modules and components for CMS alias-to_method Web applications / Modules and components for CMS alias-scope Web applications / Modules and components for CMS alias-metrics Web applications / Modules and components for CMS activemodel-email-address_validator Web applications / Modules and components for CMS application-config Web applications / Modules and components for CMS ali-mns Web applications / Modules and components for CMS association-validator Web applications / Modules and components for CMS ability-list Web applications / Modules and components for CMS activemodel-immutable-validator Web applications / Modules and components for CMS capistrano-scm-git-with_submodule_and_resolv_symlinks Web applications / Modules and components for CMS capistrano_copy-subdir Web applications / Modules and components for CMS adb_sdklib Web applications / Modules and components for CMS alacrity-client Web applications / Modules and components for CMS activerecord_jdbcsplice-adapter Web applications / Modules and components for CMS assets_publisher-for-hanami Web applications / Modules and components for CMS agile_cli Web applications / Modules and components for CMS activemodel-ipaddr-validator Web applications / Modules and components for CMS activerecord_implicit-order Web applications / Modules and components for CMS activerecord-forbid-implicit_connection_checkout Web applications / Modules and components for CMS ar-lightning Web applications / Modules and components for CMS assembla-cli Web applications / Modules and components for CMS asana_cli Web applications / Modules and components for CMS archive-lister Web applications / Modules and components for CMS adn_cli Web applications / Modules and components for CMS administrate_field-paperclip Web applications / Modules and components for CMS administrate_field-mobility Web applications / Modules and components for CMS acception_subscriber Web applications / Modules and components for CMS activemodel-base64-validator Web applications / Modules and components for CMS addy-caddy_client Web applications / Modules and components for CMS adtech_api-client Web applications / Modules and components for CMS addons_client Web applications / Modules and components for CMS alcatraz_client Web applications / Modules and components for CMS aliyun_mts Web applications / Modules and components for CMS aliyun-sls Web applications / Modules and components for CMS aliyun-sls_sdk Web applications / Modules and components for CMS also-validates Web applications / Modules and components for CMS acts-as_publicable Web applications / Modules and components for CMS android_publisher Web applications / Modules and components for CMS angel-list Web applications / Modules and components for CMS answers_ruby-client Web applications / Modules and components for CMS anything_slider Web applications / Modules and components for CMS anything-slider_rails Web applications / Modules and components for CMS active-pubsub Web applications / Modules and components for CMS capistrano_scm-gitsubmodules Web applications / Modules and components for CMS ability-engine Web applications / Modules and components for CMS apn-client Web applications / Modules and components for CMS apocalypse_client Web applications / Modules and components for CMS activerecord-serialize-coders Web applications / Modules and components for CMS apod_cli Web applications / Modules and components for CMS app_cli Web applications / Modules and components for CMS activerecord_publishable Web applications / Modules and components for CMS application-module Web applications / Modules and components for CMS activerecord_locking-symbolic Web applications / Modules and components for CMS ace_client-ext Web applications / Modules and components for CMS applied-css Web applications / Modules and components for CMS ar-database_duplicator Web applications / Modules and components for CMS ar-json_serialize Web applications / Modules and components for CMS ar-publish_control Web applications / Modules and components for CMS area-code_validator Web applications / Modules and components for CMS assemblyline_cli Web applications / Modules and components for CMS assemblyline_formatter Web applications / Modules and components for CMS active-model_version_serializers Web applications / Modules and components for CMS activemodel-url-validator Web applications / Modules and components for CMS asset-pipeline Web applications / Modules and components for CMS actionmailer-localized-preview Web applications / Modules and components for CMS active-model-attributes_validation Web applications / Modules and components for CMS activemodel-can-validator Web applications / Modules and components for CMS at-least_one_existence_validator Web applications / Modules and components for CMS atacama-client Web applications / Modules and components for CMS auth_transis-client Web applications / Modules and components for CMS auth-client Web applications / Modules and components for CMS authenticated-client Web applications / Modules and components for CMS auto-validate Web applications / Modules and components for CMS active-model_serializers-cancan Web applications / Modules and components for CMS asset-link Web applications / Modules and components for CMS assets-offline Web applications / Modules and components for CMS 3scale-client Web applications / Modules and components for CMS apigee-cli Web applications / Modules and components for CMS asterisk_ari-client Web applications / Modules and components for CMS capistrano_auth-subscriber Web applications / Modules and components for CMS apidone_client Web applications / Modules and components for CMS applidget_oauth2 Web applications / Modules and components for CMS capistrano_rails-subdir Web applications / Modules and components for CMS apibanca_client Web applications / Modules and components for CMS a1409yo-health Web applications / Modules and components for CMS acmesmith_designate Web applications / Modules and components for CMS a1408nw-Ounennhei Web applications / Modules and components for CMS abbreviated-methods Web applications / Modules and components for CMS acmesmith_ns1 Web applications / Modules and components for CMS aastra-xml_api Web applications / Modules and components for CMS a1447ll-hpbd Web applications / Modules and components for CMS act-as_enumerable Web applications / Modules and components for CMS acme_smileage Web applications / Modules and components for CMS a15z8my-name Web applications / Modules and components for CMS action-meta_tags Web applications / Modules and components for CMS act-as_time_as_boolean Web applications / Modules and components for CMS abstract-api_wrapper Web applications / Modules and components for CMS acme_pki Web applications / Modules and components for CMS acmesmith_verisign Web applications / Modules and components for CMS abiquo_api Web applications / Modules and components for CMS acmesmith_google-cloud-dns Web applications / Modules and components for CMS acmesmith_google-cloud-storage Web applications / Modules and components for CMS active-merchant-mollie Web applications / Modules and components for CMS rack_envinspector Web applications / Modules and components for CMS edmunds-vin Web applications / Modules and components for CMS deriving-license Web applications / Modules and components for CMS comic-vine Web applications / Modules and components for CMS act-as_nameable Web applications / Modules and components for CMS a15666011-konagayoshi Web applications / Modules and components for CMS rails_test-serving Web applications / Modules and components for CMS a1548sy-yamamoto Web applications / Modules and components for CMS seeing-is_believing Web applications / Modules and components for CMS a1539kh-calculator Web applications / Modules and components for CMS omniauth_marvin Web applications / Modules and components for CMS acme-base64-hexagrams Web applications / Modules and components for CMS twitter_vine Web applications / Modules and components for CMS aai10_mechanize Web applications / Modules and components for CMS 1-as_identity_function Web applications / Modules and components for CMS em_synchrony-dataone-vin Web applications / Modules and components for CMS divining-rod Web applications / Modules and components for CMS moving-images Web applications / Modules and components for CMS a-stupid_test_gem Web applications / Modules and components for CMS jmcnevin-rghost-barcode Web applications / Modules and components for CMS a1426kt-prime-number Web applications / Modules and components for CMS 3scale-time_range Web applications / Modules and components for CMS a1521hk-minitest_practice Web applications / Modules and components for CMS a1426kt-prime_number Web applications / Modules and components for CMS aastra-xml-api Web applications / Modules and components for CMS acme_heisenberg Web applications / Modules and components for CMS acme_bleach Web applications / Modules and components for CMS absa_notify-me Web applications / Modules and components for CMS vagrant_hvinfo Web applications / Modules and components for CMS moving-average Web applications / Modules and components for CMS action-parameter Web applications / Modules and components for CMS nhtsa-vin Web applications / Modules and components for CMS a-special_day Web applications / Modules and components for CMS movingsign-api Web applications / Modules and components for CMS a14z6ch-elapsed_days Web applications / Modules and components for CMS a-stupid-test_gem Web applications / Modules and components for CMS living-dead Web applications / Modules and components for CMS ab-panel Web applications / Modules and components for CMS kevins-propietary_brain Web applications / Modules and components for CMS acme_leeway Web applications / Modules and components for CMS indonesian-province Web applications / Modules and components for CMS gimme-vins Web applications / Modules and components for CMS hello-kelvinst Web applications / Modules and components for CMS galvinhsiu-active-cart Web applications / Modules and components for CMS aasm-ohm_persistence Web applications / Modules and components for CMS first-giving_api Web applications / Modules and components for CMS 3scale-time-range Web applications / Modules and components for CMS kevin-thompson Web applications / Modules and components for CMS mars-rover_alvin Web applications / Modules and components for CMS devino-sms Web applications / Modules and components for CMS bitmovin_api Web applications / Modules and components for CMS moving-words Web applications / Modules and components for CMS actioncontroller-parameter-filter Web applications / Modules and components for CMS multi-movingsign Web applications / Modules and components for CMS abbish-sequel_plugins Web applications / Modules and components for CMS forgiving-nil Web applications / Modules and components for CMS 37_pieces-of-flair Web applications / Modules and components for CMS 3months-staff_schedule Web applications / Modules and components for CMS 99designs_tasks Web applications / Modules and components for CMS a1510jy-bmi Web applications / Modules and components for CMS a1520mk-exercise4 Web applications / Modules and components for CMS aasm-active-fedora Web applications / Modules and components for CMS a1501da-birthday Web applications / Modules and components for CMS aasm-history Web applications / Modules and components for CMS a1508ki-ika Web applications / Modules and components for CMS a15745105-ichinoki Web applications / Modules and components for CMS a1616ts-gem Web applications / Modules and components for CMS a1624-bmi Web applications / Modules and components for CMS a1535yt-gem Web applications / Modules and components for CMS a1447ll-mini_test Web applications / Modules and components for CMS a1630ty-a1630ty Web applications / Modules and components for CMS a1521hk-age Web applications / Modules and components for CMS a1632ma-ano Web applications / Modules and components for CMS a15745105-ichinokii Web applications / Modules and components for CMS a15z7kn-niitsuma_2016_gem Web applications / Modules and components for CMS a-special-day Web applications / Modules and components for CMS a1521hk-minitest-practice Web applications / Modules and components for CMS a14z6ch-elapsed-days Web applications / Modules and components for CMS a1439ty-bmiV3 Web applications / Modules and components for CMS a1420ks-bmi Web applications / Modules and components for CMS a1412tk-bmi Web applications / Modules and components for CMS allocation-stats Web applications / Modules and components for CMS alerty-plugin-datadog-event Web applications / Modules and components for CMS 1-as-identity_function Web applications / Modules and components for CMS alexa-plugin_generator Web applications / Modules and components for CMS a1437ky-bmi3 Web applications / Modules and components for CMS fluent_plugin-stats Web applications / Modules and components for CMS a1330ks-bmi Web applications / Modules and components for CMS active-record_stats Web applications / Modules and components for CMS foot-stats Web applications / Modules and components for CMS a1447ll-test Web applications / Modules and components for CMS active-scaffold_batch_vho Web applications / Modules and components for CMS airbrake_statsd Web applications / Modules and components for CMS belong_plugin-rds-pgsql-log Web applications / Modules and components for CMS cocoapods_fixbugs-plugin Web applications / Modules and components for CMS a_test-gem Web applications / Modules and components for CMS autoproj_stats Web applications / Modules and components for CMS arproxy-plugin-mysql-casual_log Web applications / Modules and components for CMS gamer-stats Web applications / Modules and components for CMS bunto-test_plugin Web applications / Modules and components for CMS chef_handler-statsd Web applications / Modules and components for CMS codestats_metrics-reporter Web applications / Modules and components for CMS atlassian-plugin_installer Web applications / Modules and components for CMS apptuit_fluent-plugin Web applications / Modules and components for CMS admiral-stats_parser Web applications / Modules and components for CMS education-stats Web applications / Modules and components for CMS bunto-test_plugin_malicious Web applications / Modules and components for CMS em_statsd-ruby Web applications / Modules and components for CMS emque_stats Web applications / Modules and components for CMS fluent_plugin-datadog-statsd Web applications / Modules and components for CMS commonmarker_pluggable Web applications / Modules and components for CMS halo-stats Web applications / Modules and components for CMS active-redis_stats Web applications / Modules and components for CMS blade-sauce-labs_plugin Web applications / Modules and components for CMS github_org-stats Web applications / Modules and components for CMS fluent_plugin-statsd Web applications / Modules and components for CMS fluent_plugin-statsd-event Web applications / Modules and components for CMS cap_drupal-multisite Web applications / Modules and components for CMS arctica_autorization-rails-plugin Web applications / Modules and components for CMS gitstats_rb Web applications / Modules and components for CMS dradis_nmap Web applications / Modules and components for CMS get-stats Web applications / Modules and components for CMS fluent_plugin-statsd-output Web applications / Modules and components for CMS fluent_plugin-stats-notifier Web applications / Modules and components for CMS github_release-stats Web applications / Modules and components for CMS fluent-plugin-haproxy-stats Web applications / Modules and components for CMS gitstats_ruby Web applications / Modules and components for CMS wordify-stuckiest Web applications / Modules and components for CMS fluent_plugin-dogstatsd Web applications / Modules and components for CMS jenkins-statsd Web applications / Modules and components for CMS alerty-plugin-amazon-sns Web applications / Modules and components for CMS em_statsd Web applications / Modules and components for CMS alerty_plugin-ikachan Web applications / Modules and components for CMS alerty_plugin-mail Web applications / Modules and components for CMS alerty_plugin-slack Web applications / Modules and components for CMS danger_apkstats Web applications / Modules and components for CMS contributors-stats Web applications / Modules and components for CMS active-model-password Web applications / Modules and components for CMS activeadmin-jfu_upload Web applications / Modules and components for CMS acts-as_explorable Web applications / Modules and components for CMS claide_plugins Web applications / Modules and components for CMS alephant_logger-statsd Web applications / Modules and components for CMS angular_file-upload-rails Web applications / Modules and components for CMS a1436mm-age Web applications / Modules and components for CMS batali_infuse Web applications / Modules and components for CMS bosh_plugin-pipeline Web applications / Modules and components for CMS bosh-cli_plugin_consul Web applications / Modules and components for CMS capistrano_stats Web applications / Modules and components for CMS bosh-lastpass_plugin Web applications / Modules and components for CMS active-model-better_errors Web applications / Modules and components for CMS bosh-cli_plugin_redis Web applications / Modules and components for CMS acts-as_better_tree Web applications / Modules and components for CMS artisan_plugin Web applications / Modules and components for CMS arethusa-plugin_generator Web applications / Modules and components for CMS spider_src Web applications / Modules and components for CMS alphabetical-paginate Web applications / Modules and components for CMS http-statsd Web applications / Modules and components for CMS alphabetical-paginate_uk Web applications / Modules and components for CMS bankgiro-inbetalningar Web applications / Modules and components for CMS beta_pod Web applications / Modules and components for CMS fluent_plugin-statsite Web applications / Modules and components for CMS spider_gazelle Web applications / Modules and components for CMS fluent_plugin-dogstatsd-mediba Web applications / Modules and components for CMS omniauth_mixer Web applications / Modules and components for CMS spider-html Web applications / Modules and components for CMS font_stack Web applications / Modules and components for CMS apress_api Web applications / Modules and components for CMS apress_documentation Web applications / Modules and components for CMS apress_moysklad Web applications / Modules and components for CMS ascii-press Web applications / Modules and components for CMS batsd_dash Web applications / Modules and components for CMS batch-translations Web applications / Modules and components for CMS batch-it Web applications / Modules and components for CMS commission-junction_stats Web applications / Modules and components for CMS active-model-password_reset Web applications / Modules and components for CMS batch_rails2 Web applications / Modules and components for CMS cache-stats Web applications / Modules and components for CMS basic_stats Web applications / Modules and components for CMS aem_deploy Web applications / Modules and components for CMS batali_wedge Web applications / Modules and components for CMS airbrake-stats Web applications / Modules and components for CMS batali_tk Web applications / Modules and components for CMS 3months-staff-schedule Web applications / Modules and components for CMS autoexec-bat Web applications / Modules and components for CMS api-batch Web applications / Modules and components for CMS ba-upload Web applications / Modules and components for CMS activerecord-pluck-in_batches Web applications / Modules and components for CMS admob-site_stats Web applications / Modules and components for CMS activerecord-suppress-range_error Web applications / Modules and components for CMS font_awesome-sass-c Web applications / Modules and components for CMS font_awesome-sass-mixins Web applications / Modules and components for CMS font_awesome-sassc Web applications / Modules and components for CMS font_fabulous Web applications / Modules and components for CMS font_awesome-sass Web applications / Modules and components for CMS font-assets Web applications / Modules and components for CMS benchmark_plot Web applications / Modules and components for CMS bbs-uploader Web applications / Modules and components for CMS aws_s3-deploy Web applications / Modules and components for CMS aws_codedeploy-agent Web applications / Modules and components for CMS auto_deploy-test Web applications / Modules and components for CMS api-deploy Web applications / Modules and components for CMS amoeba-deploy_tools Web applications / Modules and components for CMS batch_rails Web applications / Modules and components for CMS active-explorer Web applications / Modules and components for CMS batch-insert Web applications / Modules and components for CMS catarse-paypal_express Web applications / Modules and components for CMS cafepress-api Web applications / Modules and components for CMS bunto_press Web applications / Modules and components for CMS activerecord_postgresql-expression Web applications / Modules and components for CMS active-press Web applications / Modules and components for CMS resque-stuck_queue Web applications / Modules and components for CMS drupal-fu Web applications / Modules and components for CMS capistrano3_drupal Web applications / Modules and components for CMS git-team_stats Web applications / Modules and components for CMS commandsy_plugin Web applications / Modules and components for CMS cocoapods_icemobile-plugin Web applications / Modules and components for CMS alphabet_rocker Web applications / Modules and components for CMS bosh_plugin-generator Web applications / Modules and components for CMS brightbox_boxgrinder-plugins Web applications / Modules and components for CMS audio-mixer-sox Web applications / Modules and components for CMS batman_rails Web applications / Modules and components for CMS font_league Web applications / Modules and components for CMS alphabetic-paginate Web applications / Modules and components for CMS spider_node Web applications / Modules and components for CMS archive-uploader Web applications / Modules and components for CMS applogger_ruby Web applications / Modules and components for CMS selenium-spider Web applications / Modules and components for CMS ar_find-in-batches-with-order Web applications / Modules and components for CMS batch-actions Web applications / Modules and components for CMS administrate_field-password Web applications / Modules and components for CMS acts-as_keywordable Web applications / Modules and components for CMS arb-spider Web applications / Modules and components for CMS apress_changelogger Web applications / Modules and components for CMS royal-mail_scraper Web applications / Modules and components for CMS stuck-it_up Web applications / Modules and components for CMS spider-monkey Web applications / Modules and components for CMS backstop_deploys Web applications / Modules and components for CMS royal-mail_api Web applications / Modules and components for CMS battle_on Web applications / Modules and components for CMS battery-growl Web applications / Modules and components for CMS battering-ram Web applications / Modules and components for CMS beta-tools Web applications / Modules and components for CMS spider-bot Web applications / Modules and components for CMS awesome-print_carrier_wave_uploader Web applications / Modules and components for CMS dradis_ntospider Web applications / Modules and components for CMS beta-invites Web applications / Modules and components for CMS adwords-scraper Web applications / Modules and components for CMS bedrock_capistrano-uploads Web applications / Modules and components for CMS active-record_samplooper Web applications / Modules and components for CMS app_deployer Web applications / Modules and components for CMS lines-mixer Web applications / Modules and components for CMS aws-upload Web applications / Modules and components for CMS language-mixer Web applications / Modules and components for CMS font_roboto-rails Web applications / Modules and components for CMS aws-blue_green_deploy Web applications / Modules and components for CMS batched-query Web applications / Modules and components for CMS speed-spider Web applications / Modules and components for CMS asset-uploader Web applications / Modules and components for CMS movie-spider Web applications / Modules and components for CMS murmuring-spider Web applications / Modules and components for CMS batch-audio_convert Web applications / Modules and components for CMS secondhand_spider Web applications / Modules and components for CMS acpc-poker_player_proxy Web applications / Modules and components for CMS acpc-poker_types Web applications / Modules and components for CMS acpc-poker_match_state Web applications / Modules and components for CMS acpc-poker_basic_proxy Web applications / Modules and components for CMS active-admin-advanced_create_another Web applications / Modules and components for CMS active-admin_theme Web applications / Modules and components for CMS about-pos Web applications / Modules and components for CMS abstract-importer Web applications / Modules and components for CMS acceptance-tests_support Web applications / Modules and components for CMS act-blue_reporter Web applications / Modules and components for CMS action-component Web applications / Modules and components for CMS acpc-poker-player_proxy Web applications / Modules and components for CMS active-admin_import Web applications / Modules and components for CMS accessible-tooltip Web applications / Modules and components for CMS cards-lib Web applications / Modules and components for CMS acquia-toolbelt Web applications / Modules and components for CMS game-shuffle_cards Web applications / Modules and components for CMS act-as_importable Web applications / Modules and components for CMS active-model-policy Web applications / Modules and components for CMS acpc-poker-types Web applications / Modules and components for CMS ackintosh-net-empty-port Web applications / Modules and components for CMS acts-as_crafter Web applications / Modules and components for CMS lang-cards Web applications / Modules and components for CMS acpc-poker-basic_proxy Web applications / Modules and components for CMS active-tools Web applications / Modules and components for CMS acpc-poker-match_state Web applications / Modules and components for CMS workarea-gift-cards Web applications / Modules and components for CMS access-policy-rails Web applications / Modules and components for CMS twitter-cards Web applications / Modules and components for CMS damn_weather Web applications / Modules and components for CMS cinch_weatherman Web applications / Modules and components for CMS dark-sky_weather Web applications / Modules and components for CMS hack-cards Web applications / Modules and components for CMS barometer-weather-bug Web applications / Modules and components for CMS activerecord_db-tools Web applications / Modules and components for CMS ruby-playing_cards Web applications / Modules and components for CMS enpit-weather Web applications / Modules and components for CMS playing-cards Web applications / Modules and components for CMS airservice-build_tools Web applications / Modules and components for CMS ellen_weather Web applications / Modules and components for CMS rubylove-playing-cards Web applications / Modules and components for CMS current-weather Web applications / Modules and components for CMS fortnite-api Web applications / Modules and components for CMS rspec-candy Web applications / Modules and components for CMS candy_-sql Web applications / Modules and components for CMS candy-check Web applications / Modules and components for CMS referral-candy Web applications / Modules and components for CMS cinch_logsearch Web applications / Modules and components for CMS capistrano_telegram-notification Web applications / Modules and components for CMS chef-partial-search Web applications / Modules and components for CMS capistrano_telegram Web applications / Modules and components for CMS bin-search Web applications / Modules and components for CMS blinkman-twitter-search Web applications / Modules and components for CMS capistrano-telegram-notification Web applications / Modules and components for CMS barely-searchable Web applications / Modules and components for CMS jaconda-telegram Web applications / Modules and components for CMS binary-search_tree Web applications / Modules and components for CMS beerdb-api Web applications / Modules and components for CMS cloud-search Web applications / Modules and components for CMS biblesearch_api Web applications / Modules and components for CMS blacklight-advanced_search Web applications / Modules and components for CMS binary-search_frequency Web applications / Modules and components for CMS aws_elasticsearch Web applications / Modules and components for CMS beer-bash Web applications / Modules and components for CMS telegram-meetup_bot Web applications / Modules and components for CMS lita_onewheel-beer-apex Web applications / Modules and components for CMS bisearch-enzim_hu Web applications / Modules and components for CMS lita_onewheel-beer-baileys Web applications / Modules and components for CMS telegram_bot-types Web applications / Modules and components for CMS telegram-bot_ruby Web applications / Modules and components for CMS lita_onewheel-beer-base Web applications / Modules and components for CMS administrate-field-belongs-to_search Web applications / Modules and components for CMS telegram-bot_middleware Web applications / Modules and components for CMS lita_onewheel-beer-craftpourhouse Web applications / Modules and components for CMS lita_onewheel-beer-loyal-legion Web applications / Modules and components for CMS lita_onewheel-beer-tin-bucket Web applications / Modules and components for CMS activeadmin-searchable-select Web applications / Modules and components for CMS lita_onewheel-beer-wework Web applications / Modules and components for CMS lita_telegram Web applications / Modules and components for CMS telegram-bot_api Web applications / Modules and components for CMS ruboty_telegram Web applications / Modules and components for CMS telegram_bot-ruby Web applications / Modules and components for CMS aliyun-open-search Web applications / Modules and components for CMS lita_telegram-plus Web applications / Modules and components for CMS city-search Web applications / Modules and components for CMS chef_cloudsearch Web applications / Modules and components for CMS aws-cloud_search Web applications / Modules and components for CMS active-search Web applications / Modules and components for CMS amazon_search Web applications / Modules and components for CMS alchemy-pg-search Web applications / Modules and components for CMS arel-search Web applications / Modules and components for CMS lita_onewheel-beer-abvpub Web applications / Modules and components for CMS apple-store_search Web applications / Modules and components for CMS dog-biscuits Web applications / Modules and components for CMS attr-searchable Web applications / Modules and components for CMS lita_onewheel-beer-btu Web applications / Modules and components for CMS datadog_notifications Web applications / Modules and components for CMS lita_onewheel-beer-growlers Web applications / Modules and components for CMS cat_dog Web applications / Modules and components for CMS lita_onewheel-beer-pints Web applications / Modules and components for CMS acts-as_fuzzy_search Web applications / Modules and components for CMS lita_onewheel-beer-upperlip Web applications / Modules and components for CMS alerty_plugin-datadog-event Web applications / Modules and components for CMS airbrake_api Web applications / Modules and components for CMS dragonfly_cloudinary-datastore Web applications / Modules and components for CMS dragonfly_activerecord Web applications / Modules and components for CMS rate-beer Web applications / Modules and components for CMS dragonfly_cloudinary Web applications / Modules and components for CMS lita_onewheel-beer-wayfinder Web applications / Modules and components for CMS first-gem_rakesh Web applications / Modules and components for CMS ad-search Web applications / Modules and components for CMS fig-rake Web applications / Modules and components for CMS crl-watchdog Web applications / Modules and components for CMS datadog_cli Web applications / Modules and components for CMS adapter_elasticsearch Web applications / Modules and components for CMS datadog-apm Web applications / Modules and components for CMS airbrake-notifying_threads Web applications / Modules and components for CMS beer-in_the_evening Web applications / Modules and components for CMS dogapi_demo Web applications / Modules and components for CMS cordova_rake Web applications / Modules and components for CMS blinkist_airbrake-scrubber Web applications / Modules and components for CMS bard_rake Web applications / Modules and components for CMS airbrake-user_attributes_rails5 Web applications / Modules and components for CMS fluent_plugin-airbrake-logger Web applications / Modules and components for CMS airbrake-proxy Web applications / Modules and components for CMS fluent_plugin-airbrake-python Web applications / Modules and components for CMS datadog-proxy Web applications / Modules and components for CMS airbrake-user_attributes Web applications / Modules and components for CMS telegram-notifications Web applications / Modules and components for CMS doge-linguist Web applications / Modules and components for CMS doge-helper Web applications / Modules and components for CMS bulldoggy_filesystem Web applications / Modules and components for CMS chef_handler-datadog-demo Web applications / Modules and components for CMS capistrano_airbrake Web applications / Modules and components for CMS capistrano_rake Web applications / Modules and components for CMS capistrano_runit-rake Web applications / Modules and components for CMS dradis_brakeman Web applications / Modules and components for CMS delayed_plugins-airbrake Web applications / Modules and components for CMS doge_chef-formatter Web applications / Modules and components for CMS cucumber-rake_runner Web applications / Modules and components for CMS danger_brakeman Web applications / Modules and components for CMS doge-woof Web applications / Modules and components for CMS dot-rake_tasks_in_rails Web applications / Modules and components for CMS execute-with_rescue_with_airbrake Web applications / Modules and components for CMS airbrake_graylog2 Web applications / Modules and components for CMS ceedling_autorake Web applications / Modules and components for CMS dt_rake Web applications / Modules and components for CMS brakeman-translate_checkstyle_format Web applications / Modules and components for CMS chalk_rake Web applications / Modules and components for CMS branch-raker Web applications / Modules and components for CMS
Vendor	RubyGems fake vendor

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Embedded malicious code (backdoor)

EUVDB-ID: #VU27108

Risk: Critical

CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: N/A

CWE-ID: CWE-506 - Embedded Malicious Code

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

Mitigation

Remove the affected package from the system.

Vulnerable software versions

atlas-client: 0.0.2 - 0.3.13

appium-lib: 10.5.0

action-mailer_cache_delivery: 0.3.7

activemodel_validators: 0.1.0 - 3.0.0

asciidoctor_bibliography: 0.10.3

assets-pipeline: 0.0.1 - 0.0.3

apress_validators: 0.1.0

ar_octopus-replication-tracking: 0.1.5

aliyun-open_search: 0.6.0

aliyun-mns: 0.1.11

ab_split: 1.0.2

apns-polite: 0.9.1

alephant_publisher: 0.6.10

alephant_publisher-queue: 2.6.0

alephant_publisher-request: 0.3.0

abbyy_ruby: 0.2.2

accredible_api-ruby: 0.1.50

accredible_ruby: 0.1.9

adequate-serializer: 0.3.1

algolia-places: 0.1.2

ali-dayu: 0.1.2

alias-helper: 0.1.2

alidns_ruby: 0.1.0

access-lint: 0.1.3

aligned-table: 0.1.0

alipay-dualfun: 0.4

accesslint_ci: 0.3.6

ach-client: 1.0.3

acme_cli: 0.6.1

ardm_validations: 1.2.0

alipay-escrow: 0.1.3

action-links: 0.4.1

banner-jobsub: 0.1.2

actionmailer-inline_css: 1.6.0

actionview-link-to_blank: 1.0.4

actionview-link-to_block: 1.0.2

adapter_sqlite3: 0.1.0

active_profiling: 0.1.1

active-subset-validator: 1.0.0

active-admin-duplicatable: 0.4.0

aliyun_odps: 0.4.2

aliyun_push: 0.1.0

aliyun_sdk-core: 0.1.5

active-comparison_validator: 0.1.3

active-delivery: 0.3.0

active-hash-like: 0.1.0

active-link_to: 1.0.5

active-merchant_mollie: 0.1.1

aliyun-live: 0.1.1

backbone_subroute-rails: 0.4.6

agnostic_duplicate: 1.0.1

active-model_serializers-hash_wrapper: 0.1.0

active-model_serializers-jsonapi_embedded_records_deserializer: 0.1.1

acts-as_splittable: 0.1.0

active-model_serializers_binary: 0.2.1

active-model_serializers_cancancan: 0.5.0

allscripts-unity_client: 4.0.1

acts-as_publishable: 0.3.3

active-model_serializers_validator: 1.2

amplitude_api: 0.1.1

active-model_validates_intersection_of: 1.2.0

active-model_validators_ex: 1.0.0

active-public_resources: 0.2.7

active-publisher: 1.2.0

active-record_fix_integer_limit: 0.1.7

active-record_inline_schema: 0.6.1

active-record_lite: 0.3.0

active-record_serialize_json: 0.1.4

android_command-line-tools: 0.1.0

active-replicas: 0.5.1

android-lint_translate_checkstyle_format: 0.2.0

active-scaffold_config_list_vho: 3.1.2

active-serializer: 0.1.1

active-support_alias_class_method: 1.2.0

acts-as_list_with_sti_support: 1.0.3

acts-as_liked: 0.1.0

acts-as_likeable: 0.1.0

activeadmin_mongoid-localize: 1.0.1

activeadmin-globalize_inputs: 1.0.0

apache-sling_api_client: 0.1.0

auto-localize: 0.1

auto-flick: 0.1.2

auto-click: 0.5.9

api-client_builder: 1.2.0

activemerchant_clickandbuy: 0.2.0

activemerchant_payline: 0.1.9

api-geo_client: 1.0.0

activerecord-json_validator: 1.3.0

aker-cas-cli: 1.0.0

attr-validator: 0.2.3

age-validator: 0.1.0

activerecord-globalize: 1.0.0

agave_client: 0.1.3

apple_news-client: 0.5.4

apple-class_client: 1.0.0

apple-dep_client: 2.2.2

application-digester: 0.1.6

ae-validates-timeliness: 4.0.0

application-insights: 0.5.6

application-seeds: 0.9.1

active-subset_validator: 1.0.0

aptible_cli: 0.16.3

asset-pipeline_i18n: 4.0.1.2

aptly-cli: 0.5.0

adyen_ruby-api-library: 4.0.2

asset-host_client: 1.2.1

advisors-command_client: 2.2.0

activerecord-database-validations: 1.0.3

activerecord_databasevalidations: 0.5.0

ar_serialize-helpers: 1.2.1

activerecord_duplicate: 0.6.1

aspose-slides_cloud: 19.12.0

asciidoctor_pdf-linewrap-ja: 0.6.0

address-validate: 0.1.1

arabic-normalizer: 0.1.1

archivist_client: 0.2.4

array-xml-serialization: 0.1.0

argentinian_validations: 0.1.0

ardm_serializer: 1.2.2

acme_client: 2.0.5

activerecord_denormalize: 0.2.0

arethusa_cli: 0.1.16

ardm_sqlite-adapter: 1.2.0

arethusa_client: 0.1.17

artoo_crazyflie: 0.5.0

action-cable_subscription_adapter: 0.2.2

action-pubsub: 0.2.1

action-subscriber: 5.1.5

acts-as_subscribable: 0.1.0

after-the_deadline: 0.1.3

ajax-submit_rails: 0.1.0

assembly_client: 0.9.0

assemblyline_ruby: 0.1.6

array_subindex: 1.3.1

asset-symlink: 0.3.1

aws-sns_subscription: 1.0.4

approval_ratings-cli-app: 0.1.0

campaign-monitor_subscriber: 1.0.4

activerecord_like: 2.2

applicious-utils: 0.1.95

assets-live_compile: 0.2.1

activerecord-msgpack-serializer: 0.1.1

abbyy_cloud: 0.0.10

abn-validator: 0.1.0

alias-class: 0.1.0

applicaster_logger: 0.8.4

applicant-tracking_api: 1.0.0

acception_client: 1.2.0

aliyun_mqs: 0.1.1

active_model-email-validator: 1.0.2

active-admin_filters_visibility: 1.2.0

active-application: 0.3.1

active-model_serializer_plus: 1.1.0

activerecord-rescue-from_duplicate: 0.1.3

active-model_serializers-matchers: 0.1.1

address-validator: 0.1.1

attribute-normalizer-extras: 0.1.0

audiobank_client: 0.6

allq-client: 1.1.1

active-model_serializers_matchers: 0.2.1

amazon_kinesis-client-ruby: 1.0.1

activerecord-strict_validations: 0.3.1

acts-as_commentable_with_replies: 0.1.0

acts-as_journalized: 3.3.0

amplifypay-ruby: 1.0.11

active-model_type_validator: 1.0.0

auto-scaling_methods: 0.1.0

apache-felix_webconsole_client: 0.1.1

apache-felix_api_client: 0.1.1

active-replica: 0.2.0

active-validator: 1.0.4

active-rest_client: 1.2.0

active-validation: 5.1.0

ansible-tower_client: 0.21.0

angular-form_validation: 0.1.8

angular_turbolinks: 0.1.0

android-string_resources_validator: 0.1.0

access-policy: 0.0.7

any_validate: 0.0.4

acts-as_multilingual: 0.0.1

ActiveAdmin_Globalize3-inputs: 0.0.1

authenticator_client: 0.0.4

activemerchant-banklink: 0.0.6

apiotics-aws_client: 1.0.1

ama-validators: 0.0.13

active-model_serializers_pg: 0.0.6

apiotics-aws_iot_client: 1.0.1

apitool_client: 2.0.0

acts-as_read_only_i18n_localised: 0.0.3

activerecord-safe-initialize: 0.2.0

aliyun-ruby_api: 0.0.3

appfigures-client: 0.0.2

active-model_policy: 0.0.1

active-model-permalink: 0.0.1

aliyun_slb: 0.0.1

appium-doc_lint: 0.0.11

aliyun_rds: 0.0.1

active-admin_globalize3_locale_selector: 0.0.1

activemodel-behavior-validator: 0.0.3

at_validations: 0.1.1

astroboa_cli: 0.5.0

aliyun_mq-sdk: 0.1.2

alive-state: 1.1.0

aliseeks-api: 1.0.4

alipay-global: 0.0.6

act-as_serializable: 0.0.1

access-policy_rails: 0.0.2

acts-as_localized: 0.0.3

accepts-nested_serialized_attributes: 0.0.2

alidayu-api: 0.0.2

alias-to_method: 0.0.1

alias-scope: 0.0.1

alias-metrics: 0.1.2

activemodel-email-address_validator: 2.0.0

application-config: 0.0.2

ali-mns: 0.0.5

association-validator: 0.6.1

ability-list: 0.0.4

activemodel-immutable-validator: 0.0.2

capistrano-scm-git-with_submodule_and_resolv_symlinks: 0.3.1

capistrano_copy-subdir: 0.1.0

adb_sdklib: 0.0.3

alacrity-client: 0.0.1

activerecord_jdbcsplice-adapter: 0.1.4

assets_publisher-for-hanami: 2.0.0

agile_cli: 0.0.19

activemodel-ipaddr-validator: 0.0.2

activerecord_implicit-order: 0.1.0

activerecord-forbid-implicit_connection_checkout: 1.0.0

ar-lightning: 0.0.1

assembla-cli: 0.0.2

asana_cli: 0.0.2

archive-lister: 0.0.1

adn_cli: 0.0.6

administrate_field-paperclip: 0.0.5

administrate_field-mobility: 0.0.1

acception_subscriber: 1.1.0

activemodel-base64-validator: 0.0.1

addy-caddy_client: 0.0.1

adtech_api-client: 0.0.4

addons_client: 0.0.10

alcatraz_client: 0.0.6

aliyun_mts: 0.0.0

aliyun-sls: 0.0.7

aliyun-sls_sdk: 0.0.9

also-validates: 0.0.2

acts-as_publicable: 0.0.4

android_publisher: 0.0.14

angel-list: 0.0.8

answers_ruby-client: 0.0.1

anything_slider: 0.0.1

anything-slider_rails: 0.0.2

active-pubsub: 0.0.9

capistrano_scm-gitsubmodules: 1.0.0

ability-engine: 0.0.2

apn-client: 0.0.4

apocalypse_client: 0.0.5

activerecord-serialize-coders: 0.0.1

apod_cli: 0.0.4

app_cli: 0.0.1

activerecord_publishable: 0.0.1

application-module: 0.0.2

activerecord_locking-symbolic: 0.0.1

ace_client-ext: 0.0.11

applied-css: 0.0.5

ar-database_duplicator: 0.0.2

ar-json_serialize: 0.0.3

ar-publish_control: 0.0.9

area-code_validator: 0.0.6

assemblyline_cli: 0.0.21

assemblyline_formatter: 0.0.1

active-model_version_serializers: 0.0.5

activemodel-url-validator: 0.0.4

asset-pipeline: 0.2.0

actionmailer-localized-preview: 0.0.2

active-model-attributes_validation: 0.0.1

activemodel-can-validator: 0.0.2

at-least_one_existence_validator: 0.0.3

atacama-client: 0.0.4

auth_transis-client: 0.0.5

auth-client: 0.0.3

authenticated-client: 0.0.3

auto-validate: 0.0.4

active-model_serializers-cancan: 0.0.2

asset-link: 0.0.2

assets-offline: 0.0.5

3scale-client: 2.11.0

apigee-cli: 0.0.3

asterisk_ari-client: 0.0.8

capistrano_auth-subscriber: 0.0.1

apidone_client: 0.0.3

applidget_oauth2: 0.0.3

capistrano_rails-subdir: 0.0.0

apibanca_client: 0.0.8

a1409yo-health: 0.0.2

acmesmith_designate: 0.1.1

a1408nw-Ounennhei: 2.1.3

abbreviated-methods: 0.1.0

acmesmith_ns1: 0.1.0

aastra-xml_api: 1.1.4

a1447ll-hpbd: 1.0.1

act-as_enumerable: 0.1.3

acme_smileage: 4.0.1

a15z8my-name: 0.1.0

action-meta_tags: 0.2

act-as_time_as_boolean: 1.0.1

abstract-api_wrapper: 1.3.2

acme_pki: 0.2.1

acmesmith_verisign: 0.1.3

abiquo_api: 0.1.3

acmesmith_google-cloud-dns: 0.2.0

acmesmith_google-cloud-storage: 0.1.3

active-merchant-mollie: 0.1.1

rack_envinspector: 0.1

edmunds-vin: 0.1.1

deriving-license: 0.3.1

comic-vine: 0.1.5

act-as_nameable: 0.0.3

a15666011-konagayoshi: 0.1.0

rails_test-serving: 0.1.4.2

a1548sy-yamamoto: 0.1.0

seeing-is_believing: 3.6.1

a1539kh-calculator: 0.1.9

omniauth_marvin: 1.1.0

acme-base64-hexagrams: 0.0.1

twitter_vine: 0.1.9

aai10_mechanize: 2.0.1.0

1-as_identity_function: 1.0.1

em_synchrony-dataone-vin: 0.1.0

divining-rod: 0.6.4

moving-images: 1.0.1

a-stupid_test_gem: 0.0.2

jmcnevin-rghost-barcode: 0.8.8

a1426kt-prime-number: 0.0.7

3scale-time_range: 0.3.0

a1521hk-minitest_practice: 0.1.0

a1426kt-prime_number: 0.0.7

aastra-xml-api: 1.1.4

acme_heisenberg: 0.0.1

acme_bleach: 0.0.4

absa_notify-me: 0.0.7

vagrant_hvinfo: 0.1.3

moving-average: 0.1.1

action-parameter: 0.0.3

nhtsa-vin: 0.0.8

a-special_day: 0.0.2

movingsign-api: 0.0.2

a14z6ch-elapsed_days: 0.0.5

a-stupid-test_gem: 0.0.2

living-dead: 0.0.1

ab-panel: 0.4.3

kevins-propietary_brain: 0.0.1

acme_leeway: 0.0.1

indonesian-province: 0.0.2

gimme-vins: 0.0.3

hello-kelvinst: 0.0.1

galvinhsiu-active-cart: 0.0.20

aasm-ohm_persistence: 0.0.1

first-giving_api: 0.0.1

3scale-time-range: 0.3.0

kevin-thompson: 0.0.1

mars-rover_alvin: 0.0.1

devino-sms: 0.0.2

bitmovin_api: 0.0.4

moving-words: 0.0.3

actioncontroller-parameter-filter: 0.0.2

multi-movingsign: 0.0.1

abbish-sequel_plugins: 0.0.6

forgiving-nil: 0.0.2

37_pieces-of-flair: 0.0.1

3months-staff_schedule: 0.0.3

99designs_tasks: 0.0.7

a1510jy-bmi: 0.1.0

a1520mk-exercise4: 0.1.5

aasm-active-fedora: 0.1.2

a1501da-birthday: 0.1.0

aasm-history: 0.1.3

a1508ki-ika: 0.1.0

a15745105-ichinoki: 0.4.4

a1616ts-gem: 0.1.0

a1624-bmi: 0.1.0

a1535yt-gem: 0.1.0

a1447ll-mini_test: 0.1.0

a1630ty-a1630ty: 0.2.0

a1521hk-age: 0.1.1

a1632ma-ano: 0.1.0

a15745105-ichinokii: 0.1.7

a15z7kn-niitsuma_2016_gem: 0.1.0

a-special-day: 0.0.2

a1521hk-minitest-practice: 0.1.0

a14z6ch-elapsed-days: 0.0.5

a1439ty-bmiV3: 0.0.3

a1420ks-bmi: 0.1.1

a1412tk-bmi: 0.0.3

allocation-stats: 0.1.5

alerty-plugin-datadog-event: 0.1.4

1-as-identity_function: 1.0.1

alexa-plugin_generator: 0.2.0

a1437ky-bmi3: 0.0.1

fluent_plugin-stats: 0.4.0

a1330ks-bmi: 0.0.1

active-record_stats: 0.1.5

foot-stats: 0.1.0

a1447ll-test: 0.0.1

active-scaffold_batch_vho: 3.1.7

airbrake_statsd: 0.2.1

belong_plugin-rds-pgsql-log: 0.3.2

cocoapods_fixbugs-plugin: 0.1.0

a_test-gem: 0.0.19

autoproj_stats: 0.1.0

arproxy-plugin-mysql-casual_log: 0.1.0

gamer-stats: 0.2.5

bunto-test_plugin: 1.0.0

chef_handler-statsd: 1.0.1

codestats_metrics-reporter: 0.1.13

atlassian-plugin_installer: 0.1.3

apptuit_fluent-plugin: 0.1.3

admiral-stats_parser: 1.17.1

education-stats: 1.0.0

bunto-test_plugin_malicious: 1.0.0

em_statsd-ruby: 1.0.3

emque_stats: 1.1.0

fluent_plugin-datadog-statsd: 0.0.4

commonmarker_pluggable: 0.3.0

halo-stats: 1.0.3

active-redis_stats: 0.1.3

blade-sauce-labs_plugin: 0.7.3

github_org-stats: 0.1.0

fluent_plugin-statsd: 1.0.3

fluent_plugin-statsd-event: 0.1.1

cap_drupal-multisite: 0.3.2

arctica_autorization-rails-plugin: 0.1

gitstats_rb: 2.0.0

dradis_nmap: 3.15.0

get-stats: 0.3

fluent_plugin-statsd-output: 1.4.2

fluent_plugin-stats-notifier: 0.0.5

github_release-stats: 0.0.2

fluent-plugin-haproxy-stats: 0.1.1

gitstats_ruby: 1.0.1

wordify-stuckiest: 1.1.0

fluent_plugin-dogstatsd: 0.0.6

jenkins-statsd: 0.3.1

alerty-plugin-amazon-sns: 0.0.6

em_statsd: 1.0.0

alerty_plugin-ikachan: 0.0.1

alerty_plugin-mail: 0.0.2

alerty_plugin-slack: 0.0.1

danger_apkstats: 0.2.0

contributors-stats: 1.0.0

active-model-password: 1.0.3

activeadmin-jfu_upload: 0.1.8

acts-as_explorable: 0.1.1

claide_plugins: 0.9.2

alephant_logger-statsd: 0.0.4

angular_file-upload-rails: 1.6.1.2

a1436mm-age: 0.0.3

batali_infuse: 0.2.2

bosh_plugin-pipeline: 0.2.1

bosh-cli_plugin_consul: 0.1.0

capistrano_stats: 1.1.1

bosh-lastpass_plugin: 0.0.4

active-model-better_errors: 1.6.7

bosh-cli_plugin_redis: 0.2.3

acts-as_better_tree: 1.0.0

artisan_plugin: 0.0.2

arethusa-plugin_generator: 0.0.1

spider_src: 0.1.7

alphabetical-paginate: 2.3.4

http-statsd: 0.0.2

alphabetical-paginate_uk: 1.0.1

bankgiro-inbetalningar: 1.2.0

beta_pod: 1.3.0

fluent_plugin-statsite: 0.0.7

spider_gazelle: 3.2.0

fluent_plugin-dogstatsd-mediba: 0.0.9

omniauth_mixer: 0.1.2

spider-html: 0.1.9

font_stack: 0.1.2

apress_api: 1.24.0

apress_documentation: 0.4.0

apress_moysklad: 0.1.0

ascii-press: 0.5.2

batsd_dash: 0.5.0

batch-translations: 0.1.3

batch-it: 0.1.0

commission-junction_stats: 0.0.2

active-model-password_reset: 1.0.9

batch_rails2: 0.2.0

cache-stats: 0.0.1

basic_stats: 0.0.2

aem_deploy: 0.1.26

batali_wedge: 0.1.2

airbrake-stats: 0.0.1

batali_tk: 0.2.4

3months-staff-schedule: 0.0.3

autoexec-bat: 0.1.1

api-batch: 0.1.1

ba-upload: 0.1.0

activerecord-pluck-in_batches: 0.2.1

admob-site_stats: 0.0.1

activerecord-suppress-range_error: 0.1.1

font_awesome-sass-c: 4.7.2

font_awesome-sass-mixins: 4.7.0

font_awesome-sassc: 4.7.1

font_fabulous: 1.0.5

font_awesome-sass: 5.12.0

font-assets: 0.1.14

benchmark_plot: 0.1.1

bbs-uploader: 0.1.6

aws_s3-deploy: 0.3.0

aws_codedeploy-agent: 0.1.0

auto_deploy-test: 0.1.19

api-deploy: 0.1.0

amoeba-deploy_tools: 0.0.10

batch_rails: 1.3.1

active-explorer: 0.0.9

batch-insert: 1.0

catarse-paypal_express: 3.0.2

cafepress-api: 0.3.2

bunto_press: 0.2.1

activerecord_postgresql-expression: 0.0.2

active-press: 0.1.0

resque-stuck_queue: 0.5.2

drupal-fu: 0.0.1

capistrano3_drupal: 0.0.1

git-team_stats: 0.0.1

commandsy_plugin: 0.0.1

cocoapods_icemobile-plugin: 0.0.8

alphabet_rocker: 0.1.1

bosh_plugin-generator: 0.0.1

brightbox_boxgrinder-plugins: 0.0.6

audio-mixer-sox: 1.0.3

batman_rails: 0.16.1

font_league: 1.0.0

alphabetic-paginate: 0.0.12

spider_node: 0.0.1

archive-uploader: 0.2

applogger_ruby: 0.5.3

selenium-spider: 0.1.2

ar_find-in-batches-with-order: 0.0.2

batch-actions: 0.0.2

administrate_field-password: 0.0.4

acts-as_keywordable: 0.0.9

arb-spider: 1.1.2

apress_changelogger: 0.0.1

royal-mail_scraper: 1.0.1

stuck-it_up: 0.1.0

spider-monkey: 0.0.11

backstop_deploys: 0.0.6

royal-mail_api: 0.1.1

battle_on: 0.0.4

battery-growl: 0.0.1

battering-ram: 0.0.1

beta-tools: 0.0.5

spider-bot: 0.0.5

awesome-print_carrier_wave_uploader: 0.0.1

dradis_ntospider: 3.15.0

beta-invites: 0.0.1

adwords-scraper: 0.0.2

bedrock_capistrano-uploads: 0.0.1

active-record_samplooper: 0.0.7

app_deployer: 0.0.3

lines-mixer: 0.0.1

aws-upload: 0.0.1

language-mixer: 0.0.1

font_roboto-rails: 0.0.3

aws-blue_green_deploy: 0.0.1

batched-query: 0.0.1

speed-spider: 0.0.2

asset-uploader: 0.0.3

movie-spider: 0.0.2

murmuring-spider: 0.0.2

batch-audio_convert: 0.2.0-x86_64-linux

secondhand_spider: 0.0.1

acpc-poker_player_proxy: 1.6.7

acpc-poker_types: 7.8.6

acpc-poker_match_state: 2.2.1

acpc-poker_basic_proxy: 3.2.2

active-admin-advanced_create_another: 0.1.1

active-admin_theme: 1.1.1

about-pos: 2.0.0

abstract-importer: 1.6.0

acceptance-tests_support: 1.0.2

act-blue_reporter: 0.1.0

action-component: 0.1.4

acpc-poker-player_proxy: 1.6.7

active-admin_import: 4.2.0

accessible-tooltip: 1.0.9

cards-lib: 0.2.5

acquia-toolbelt: 2.4.1

game-shuffle_cards: 1.0.5

act-as_importable: 0.0.11

active-model-policy: 0.0.1

acpc-poker-types: 7.8.6

ackintosh-net-empty-port: 0.0.1

acts-as_crafter: 1.0.0

lang-cards: 1.0.0

acpc-poker-basic_proxy: 3.2.2

active-tools: 0.2.5

acpc-poker-match_state: 2.2.1

workarea-gift-cards: 4.0.1

access-policy-rails: 0.0.2

twitter-cards: 0.1.0

damn_weather: 0.1.3

cinch_weatherman: 1.0.5

dark-sky_weather: 0.1.0

hack-cards: 0.0.4

barometer-weather-bug: 0.1.0

activerecord_db-tools: 0.0.1

ruby-playing_cards: 0.0.2

enpit-weather: 0.1.0

playing-cards: 0.0.2

airservice-build_tools: 0.0.9

ellen_weather: 0.0.1

rubylove-playing-cards: 0.0.1

current-weather: 0.0.4

fortnite-api: 0.2.0

rspec-candy: 0.5.1

candy_-sql: 0.1.0

candy-check: 0.2.1

referral-candy: 0.1.0

cinch_logsearch: 1.0.2

capistrano_telegram-notification: 0.1.1

chef-partial-search: 1.0.7

capistrano_telegram: 1.0.0

bin-search: 0.1

blinkman-twitter-search: 0.1.0

capistrano-telegram-notification: 0.1.1

barely-searchable: 1.0.0

jaconda-telegram: 1.0

binary-search_tree: 2.2

beerdb-api: 0.1.1

cloud-search: 0.2.0

biblesearch_api: 1.2.0

blacklight-advanced_search: 7.0.0

binary-search_frequency: 0.0.3

aws_elasticsearch: 0.1.0

beer-bash: 0.1.0

telegram-meetup_bot: 0.3.0

lita_onewheel-beer-apex: 0.2.7

bisearch-enzim_hu: 0.0.4

lita_onewheel-beer-baileys: 3.8.8

telegram_bot-types: 0.6.1

telegram-bot_ruby: 0.1.7

lita_onewheel-beer-base: 2.0.8

administrate-field-belongs-to_search: 0.7.0

telegram-bot_middleware: 0.3.2

lita_onewheel-beer-craftpourhouse: 1.0.0

lita_onewheel-beer-loyal-legion: 0.1.3

lita_onewheel-beer-tin-bucket: 0.1.3

activeadmin-searchable-select: 1.2.0

lita_onewheel-beer-wework: 2.3.0

lita_telegram: 0.1.0

telegram-bot_api: 0.1.0

ruboty_telegram: 1.0.0

telegram_bot-ruby: 0.12.0

aliyun-open-search: 0.6.0

lita_telegram-plus: 0.1.2

city-search: 0.0.4

chef_cloudsearch: 0.0.2

aws-cloud_search: 0.0.2

active-search: 1.0.1

amazon_search: 1.4.4

alchemy-pg-search: 1.2.0

arel-search: 0.0.5

lita_onewheel-beer-abvpub: 0.0.1

apple-store_search: 0.0.5

dog-biscuits: 0.5.9

attr-searchable: 0.0.7

lita_onewheel-beer-btu: 0.0.0

datadog_notifications: 0.6.2

lita_onewheel-beer-growlers: 0.0.1

cat_dog: 1.0.0

lita_onewheel-beer-pints: 0.0.6

acts-as_fuzzy_search: 0.0.1

lita_onewheel-beer-upperlip: 0.0.1

alerty_plugin-datadog-event: 0.1.4

airbrake_api: 4.6.1

dragonfly_cloudinary-datastore: 0.1

dragonfly_activerecord: 1.0.0

rate-beer: 0.0.2

dragonfly_cloudinary: 0.1.1

lita_onewheel-beer-wayfinder: 0.0.3

first-gem_rakesh: 0.1.0

ad-search: 0.0.2

fig-rake: 0.9.3

crl-watchdog: 1.0.0

datadog_cli: 0.1.16

adapter_elasticsearch: 0.0.4

datadog-apm: 0.9.0

airbrake-notifying_threads: 0.1.1

beer-in_the_evening: 0.0.7

dogapi_demo: 0.1.0

cordova_rake: 0.5.2

blinkist_airbrake-scrubber: 4.1.1

bard_rake: 0.17.3

airbrake-user_attributes_rails5: 0.2.0

fluent_plugin-airbrake-logger: 0.1.0

airbrake-proxy: 0.1.2

fluent_plugin-airbrake-python: 0.2

datadog-proxy: 0.0.6

airbrake-user_attributes: 0.1.6

telegram-notifications: 0.0.1

doge-linguist: 0.1.0

doge-helper: 0.1

bulldoggy_filesystem: 0.0.1

chef_handler-datadog-demo: 0.2.0

capistrano_airbrake: 0.1.1

capistrano_rake: 0.2.0

capistrano_runit-rake: 0.2.0

dradis_brakeman: 3.15.0

delayed_plugins-airbrake: 1.1.0

doge_chef-formatter: 0.0.1

cucumber-rake_runner: 0.0.3

danger_brakeman: 0.0.1

doge-woof: 0.1.10

dot-rake_tasks_in_rails: 0.0.1

execute-with_rescue_with_airbrake: 0.0.3

airbrake_graylog2: 0.0.4

ceedling_autorake: 0.0.2

dt_rake: 0.0.3

brakeman-translate_checkstyle_format: 0.0.1

chalk_rake: 0.0.3

branch-raker: 0.0.6

CPE2.3

External links

https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.