Embedded malicious code (backdoor) in RubyGems fake vendor Web applications

#VU27108 Embedded malicious code (backdoor) in RubyGems fake vendor Web applications

Published: 2020-04-22

Vulnerability identifier: #VU27108

Vulnerability risk: Critical

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C]

CVE-ID: N/A

CWE-ID: CWE-506

Exploitation vector: Network

Exploit availability: No

Vendor: RubyGems fake vendor

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to presence of embedded malicious functionality in the application code (aka backdoor) that allows a remote attacker to gain unauthorized access to the application.

Mitigation

Remove the affected package from the system.

Vulnerable software versions

atlas-client: 0.0.2 - 0.3.13

appium-lib: 10.5.0

action-mailer_cache_delivery: 0.3.7

activemodel_validators: 0.1.0 - 3.0.0

asciidoctor_bibliography: 0.10.3

assets-pipeline: 0.0.1 - 0.0.3

apress_validators: 0.1.0

ar_octopus-replication-tracking: 0.1.5

aliyun-open_search: 0.6.0

aliyun-mns: 0.1.11

ab_split: 1.0.2

apns-polite: 0.9.1

alephant_publisher: 0.6.10

alephant_publisher-queue: 2.6.0

alephant_publisher-request: 0.3.0

abbyy_ruby: 0.2.2

accredible_api-ruby: 0.1.50

accredible_ruby: 0.1.9

adequate-serializer: 0.3.1

algolia-places: 0.1.2

ali-dayu: 0.1.2

alias-helper: 0.1.2

alidns_ruby: 0.1.0

access-lint: 0.1.3

aligned-table: 0.1.0

alipay-dualfun: 0.4

accesslint_ci: 0.3.6

ach-client: 1.0.3

acme_cli: 0.6.1

ardm_validations: 1.2.0

alipay-escrow: 0.1.3

action-links: 0.4.1

banner-jobsub: 0.1.2

actionmailer-inline_css: 1.6.0

actionview-link-to_blank: 1.0.4

actionview-link-to_block: 1.0.2

adapter_sqlite3: 0.1.0

active_profiling: 0.1.1

active-subset-validator: 1.0.0

active-admin-duplicatable: 0.4.0

aliyun_odps: 0.4.2

aliyun_push: 0.1.0

aliyun_sdk-core: 0.1.5

active-comparison_validator: 0.1.3

active-delivery: 0.3.0

active-hash-like: 0.1.0

active-link_to: 1.0.5

active-merchant_mollie: 0.1.1

aliyun-live: 0.1.1

backbone_subroute-rails: 0.4.6

agnostic_duplicate: 1.0.1

active-model_serializers-hash_wrapper: 0.1.0

active-model_serializers-jsonapi_embedded_records_deserializer: 0.1.1

acts-as_splittable: 0.1.0

active-model_serializers_binary: 0.2.1

active-model_serializers_cancancan: 0.5.0

allscripts-unity_client: 4.0.1

acts-as_publishable: 0.3.3

active-model_serializers_validator: 1.2

amplitude_api: 0.1.1

active-model_validates_intersection_of: 1.2.0

active-model_validators_ex: 1.0.0

active-public_resources: 0.2.7

active-publisher: 1.2.0

active-record_fix_integer_limit: 0.1.7

active-record_inline_schema: 0.6.1

active-record_lite: 0.3.0

active-record_serialize_json: 0.1.4

android_command-line-tools: 0.1.0

active-replicas: 0.5.1

android-lint_translate_checkstyle_format: 0.2.0

active-scaffold_config_list_vho: 3.1.2

active-serializer: 0.1.1

active-support_alias_class_method: 1.2.0

acts-as_list_with_sti_support: 1.0.3

acts-as_liked: 0.1.0

acts-as_likeable: 0.1.0

activeadmin_mongoid-localize: 1.0.1

activeadmin-globalize_inputs: 1.0.0

apache-sling_api_client: 0.1.0

auto-localize: 0.1

auto-flick: 0.1.2

auto-click: 0.5.9

api-client_builder: 1.2.0

activemerchant_clickandbuy: 0.2.0

activemerchant_payline: 0.1.9

api-geo_client: 1.0.0

activerecord-json_validator: 1.3.0

aker-cas-cli: 1.0.0

attr-validator: 0.2.3

age-validator: 0.1.0

activerecord-globalize: 1.0.0

agave_client: 0.1.3

apple_news-client: 0.5.4

apple-class_client: 1.0.0

apple-dep_client: 2.2.2

application-digester: 0.1.6

ae-validates-timeliness: 4.0.0

application-insights: 0.5.6

application-seeds: 0.9.1

active-subset_validator: 1.0.0

aptible_cli: 0.16.3

asset-pipeline_i18n: 4.0.1.2

aptly-cli: 0.5.0

adyen_ruby-api-library: 4.0.2

asset-host_client: 1.2.1

advisors-command_client: 2.2.0

activerecord-database-validations: 1.0.3

activerecord_databasevalidations: 0.5.0

ar_serialize-helpers: 1.2.1

activerecord_duplicate: 0.6.1

aspose-slides_cloud: 19.12.0

asciidoctor_pdf-linewrap-ja: 0.6.0

address-validate: 0.1.1

arabic-normalizer: 0.1.1

archivist_client: 0.2.4

array-xml-serialization: 0.1.0

argentinian_validations: 0.1.0

ardm_serializer: 1.2.2

acme_client: 2.0.5

activerecord_denormalize: 0.2.0

arethusa_cli: 0.1.16

ardm_sqlite-adapter: 1.2.0

arethusa_client: 0.1.17

artoo_crazyflie: 0.5.0

action-cable_subscription_adapter: 0.2.2

action-pubsub: 0.2.1

action-subscriber: 5.1.5

acts-as_subscribable: 0.1.0

after-the_deadline: 0.1.3

ajax-submit_rails: 0.1.0

assembly_client: 0.9.0

assemblyline_ruby: 0.1.6

array_subindex: 1.3.1

asset-symlink: 0.3.1

aws-sns_subscription: 1.0.4

approval_ratings-cli-app: 0.1.0

campaign-monitor_subscriber: 1.0.4

activerecord_like: 2.2

applicious-utils: 0.1.95

assets-live_compile: 0.2.1

activerecord-msgpack-serializer: 0.1.1

abbyy_cloud: 0.0.10

abn-validator: 0.1.0

alias-class: 0.1.0

applicaster_logger: 0.8.4

applicant-tracking_api: 1.0.0

acception_client: 1.2.0

aliyun_mqs: 0.1.1

active_model-email-validator: 1.0.2

active-admin_filters_visibility: 1.2.0

active-application: 0.3.1

active-model_serializer_plus: 1.1.0

activerecord-rescue-from_duplicate: 0.1.3

active-model_serializers-matchers: 0.1.1

address-validator: 0.1.1

attribute-normalizer-extras: 0.1.0

audiobank_client: 0.6

allq-client: 1.1.1

active-model_serializers_matchers: 0.2.1

amazon_kinesis-client-ruby: 1.0.1

activerecord-strict_validations: 0.3.1

acts-as_commentable_with_replies: 0.1.0

acts-as_journalized: 3.3.0

amplifypay-ruby: 1.0.11

active-model_type_validator: 1.0.0

auto-scaling_methods: 0.1.0

apache-felix_webconsole_client: 0.1.1

apache-felix_api_client: 0.1.1

active-replica: 0.2.0

active-validator: 1.0.4

active-rest_client: 1.2.0

active-validation: 5.1.0

ansible-tower_client: 0.21.0

angular-form_validation: 0.1.8

angular_turbolinks: 0.1.0

android-string_resources_validator: 0.1.0

access-policy: 0.0.7

any_validate: 0.0.4

acts-as_multilingual: 0.0.1

ActiveAdmin_Globalize3-inputs: 0.0.1

authenticator_client: 0.0.4

activemerchant-banklink: 0.0.6

apiotics-aws_client: 1.0.1

ama-validators: 0.0.13

active-model_serializers_pg: 0.0.6

apiotics-aws_iot_client: 1.0.1

apitool_client: 2.0.0

acts-as_read_only_i18n_localised: 0.0.3

activerecord-safe-initialize: 0.2.0

aliyun-ruby_api: 0.0.3

appfigures-client: 0.0.2

active-model_policy: 0.0.1

active-model-permalink: 0.0.1

aliyun_slb: 0.0.1

appium-doc_lint: 0.0.11

aliyun_rds: 0.0.1

active-admin_globalize3_locale_selector: 0.0.1

activemodel-behavior-validator: 0.0.3

at_validations: 0.1.1

astroboa_cli: 0.5.0

aliyun_mq-sdk: 0.1.2

alive-state: 1.1.0

aliseeks-api: 1.0.4

alipay-global: 0.0.6

act-as_serializable: 0.0.1

access-policy_rails: 0.0.2

acts-as_localized: 0.0.3

accepts-nested_serialized_attributes: 0.0.2

alidayu-api: 0.0.2

alias-to_method: 0.0.1

alias-scope: 0.0.1

alias-metrics: 0.1.2

activemodel-email-address_validator: 2.0.0

application-config: 0.0.2

ali-mns: 0.0.5

association-validator: 0.6.1

ability-list: 0.0.4

activemodel-immutable-validator: 0.0.2

capistrano-scm-git-with_submodule_and_resolv_symlinks: 0.3.1

capistrano_copy-subdir: 0.1.0

adb_sdklib: 0.0.3

alacrity-client: 0.0.1

activerecord_jdbcsplice-adapter: 0.1.4

assets_publisher-for-hanami: 2.0.0

agile_cli: 0.0.19

activemodel-ipaddr-validator: 0.0.2

activerecord_implicit-order: 0.1.0

activerecord-forbid-implicit_connection_checkout: 1.0.0

ar-lightning: 0.0.1

assembla-cli: 0.0.2

asana_cli: 0.0.2

archive-lister: 0.0.1

adn_cli: 0.0.6

administrate_field-paperclip: 0.0.5

administrate_field-mobility: 0.0.1

acception_subscriber: 1.1.0

activemodel-base64-validator: 0.0.1

addy-caddy_client: 0.0.1

adtech_api-client: 0.0.4

addons_client: 0.0.10

alcatraz_client: 0.0.6

aliyun_mts: 0.0.0

aliyun-sls: 0.0.7

aliyun-sls_sdk: 0.0.9

also-validates: 0.0.2

acts-as_publicable: 0.0.4

android_publisher: 0.0.14

angel-list: 0.0.8

answers_ruby-client: 0.0.1

anything_slider: 0.0.1

anything-slider_rails: 0.0.2

active-pubsub: 0.0.9

capistrano_scm-gitsubmodules: 1.0.0

ability-engine: 0.0.2

apn-client: 0.0.4

apocalypse_client: 0.0.5

activerecord-serialize-coders: 0.0.1

apod_cli: 0.0.4

app_cli: 0.0.1

activerecord_publishable: 0.0.1

application-module: 0.0.2

activerecord_locking-symbolic: 0.0.1

ace_client-ext: 0.0.11

applied-css: 0.0.5

ar-database_duplicator: 0.0.2

ar-json_serialize: 0.0.3

ar-publish_control: 0.0.9

area-code_validator: 0.0.6

assemblyline_cli: 0.0.21

assemblyline_formatter: 0.0.1

active-model_version_serializers: 0.0.5

activemodel-url-validator: 0.0.4

asset-pipeline: 0.2.0

actionmailer-localized-preview: 0.0.2

active-model-attributes_validation: 0.0.1

activemodel-can-validator: 0.0.2

at-least_one_existence_validator: 0.0.3

atacama-client: 0.0.4

auth_transis-client: 0.0.5

auth-client: 0.0.3

authenticated-client: 0.0.3

auto-validate: 0.0.4

active-model_serializers-cancan: 0.0.2

asset-link: 0.0.2

assets-offline: 0.0.5

3scale-client: 2.11.0

apigee-cli: 0.0.3

asterisk_ari-client: 0.0.8

capistrano_auth-subscriber: 0.0.1

apidone_client: 0.0.3

applidget_oauth2: 0.0.3

capistrano_rails-subdir: 0.0.0

apibanca_client: 0.0.8

a1409yo-health: 0.0.2

acmesmith_designate: 0.1.1

a1408nw-Ounennhei: 2.1.3

abbreviated-methods: 0.1.0

acmesmith_ns1: 0.1.0

aastra-xml_api: 1.1.4

a1447ll-hpbd: 1.0.1

act-as_enumerable: 0.1.3

acme_smileage: 4.0.1

a15z8my-name: 0.1.0

action-meta_tags: 0.2

act-as_time_as_boolean: 1.0.1

abstract-api_wrapper: 1.3.2

acme_pki: 0.2.1

acmesmith_verisign: 0.1.3

abiquo_api: 0.1.3

acmesmith_google-cloud-dns: 0.2.0

acmesmith_google-cloud-storage: 0.1.3

active-merchant-mollie: 0.1.1

rack_envinspector: 0.1

edmunds-vin: 0.1.1

deriving-license: 0.3.1

comic-vine: 0.1.5

act-as_nameable: 0.0.3

a15666011-konagayoshi: 0.1.0

rails_test-serving: 0.1.4.2

a1548sy-yamamoto: 0.1.0

seeing-is_believing: 3.6.1

a1539kh-calculator: 0.1.9

omniauth_marvin: 1.1.0

acme-base64-hexagrams: 0.0.1

twitter_vine: 0.1.9

aai10_mechanize: 2.0.1.0

1-as_identity_function: 1.0.1

em_synchrony-dataone-vin: 0.1.0

divining-rod: 0.6.4

moving-images: 1.0.1

a-stupid_test_gem: 0.0.2

jmcnevin-rghost-barcode: 0.8.8

a1426kt-prime-number: 0.0.7

3scale-time_range: 0.3.0

a1521hk-minitest_practice: 0.1.0

a1426kt-prime_number: 0.0.7

aastra-xml-api: 1.1.4

acme_heisenberg: 0.0.1

acme_bleach: 0.0.4

absa_notify-me: 0.0.7

vagrant_hvinfo: 0.1.3

moving-average: 0.1.1

action-parameter: 0.0.3

nhtsa-vin: 0.0.8

a-special_day: 0.0.2

movingsign-api: 0.0.2

a14z6ch-elapsed_days: 0.0.5

a-stupid-test_gem: 0.0.2

living-dead: 0.0.1

ab-panel: 0.4.3

kevins-propietary_brain: 0.0.1

acme_leeway: 0.0.1

indonesian-province: 0.0.2

gimme-vins: 0.0.3

hello-kelvinst: 0.0.1

galvinhsiu-active-cart: 0.0.20

aasm-ohm_persistence: 0.0.1

first-giving_api: 0.0.1

3scale-time-range: 0.3.0

kevin-thompson: 0.0.1

mars-rover_alvin: 0.0.1

devino-sms: 0.0.2

bitmovin_api: 0.0.4

moving-words: 0.0.3

actioncontroller-parameter-filter: 0.0.2

multi-movingsign: 0.0.1

abbish-sequel_plugins: 0.0.6

forgiving-nil: 0.0.2

37_pieces-of-flair: 0.0.1

3months-staff_schedule: 0.0.3

99designs_tasks: 0.0.7

a1510jy-bmi: 0.1.0

a1520mk-exercise4: 0.1.5

aasm-active-fedora: 0.1.2

a1501da-birthday: 0.1.0

aasm-history: 0.1.3

a1508ki-ika: 0.1.0

a15745105-ichinoki: 0.4.4

a1616ts-gem: 0.1.0

a1624-bmi: 0.1.0

a1535yt-gem: 0.1.0

a1447ll-mini_test: 0.1.0

a1630ty-a1630ty: 0.2.0

a1521hk-age: 0.1.1

a1632ma-ano: 0.1.0

a15745105-ichinokii: 0.1.7

a15z7kn-niitsuma_2016_gem: 0.1.0

a-special-day: 0.0.2

a1521hk-minitest-practice: 0.1.0

a14z6ch-elapsed-days: 0.0.5

a1439ty-bmiV3: 0.0.3

a1420ks-bmi: 0.1.1

a1412tk-bmi: 0.0.3

allocation-stats: 0.1.5

alerty-plugin-datadog-event: 0.1.4

1-as-identity_function: 1.0.1

alexa-plugin_generator: 0.2.0

a1437ky-bmi3: 0.0.1

fluent_plugin-stats: 0.4.0

a1330ks-bmi: 0.0.1

active-record_stats: 0.1.5

foot-stats: 0.1.0

a1447ll-test: 0.0.1

active-scaffold_batch_vho: 3.1.7

airbrake_statsd: 0.2.1

belong_plugin-rds-pgsql-log: 0.3.2

cocoapods_fixbugs-plugin: 0.1.0

a_test-gem: 0.0.19

autoproj_stats: 0.1.0

arproxy-plugin-mysql-casual_log: 0.1.0

gamer-stats: 0.2.5

bunto-test_plugin: 1.0.0

chef_handler-statsd: 1.0.1

codestats_metrics-reporter: 0.1.13

atlassian-plugin_installer: 0.1.3

apptuit_fluent-plugin: 0.1.3

admiral-stats_parser: 1.17.1

education-stats: 1.0.0

bunto-test_plugin_malicious: 1.0.0

em_statsd-ruby: 1.0.3

emque_stats: 1.1.0

fluent_plugin-datadog-statsd: 0.0.4

commonmarker_pluggable: 0.3.0

halo-stats: 1.0.3

active-redis_stats: 0.1.3

blade-sauce-labs_plugin: 0.7.3

github_org-stats: 0.1.0

fluent_plugin-statsd: 1.0.3

fluent_plugin-statsd-event: 0.1.1

cap_drupal-multisite: 0.3.2

arctica_autorization-rails-plugin: 0.1

gitstats_rb: 2.0.0

dradis_nmap: 3.15.0

get-stats: 0.3

fluent_plugin-statsd-output: 1.4.2

fluent_plugin-stats-notifier: 0.0.5

github_release-stats: 0.0.2

fluent-plugin-haproxy-stats: 0.1.1

gitstats_ruby: 1.0.1

wordify-stuckiest: 1.1.0

fluent_plugin-dogstatsd: 0.0.6

jenkins-statsd: 0.3.1

alerty-plugin-amazon-sns: 0.0.6

em_statsd: 1.0.0

alerty_plugin-ikachan: 0.0.1

alerty_plugin-mail: 0.0.2

alerty_plugin-slack: 0.0.1

danger_apkstats: 0.2.0

contributors-stats: 1.0.0

active-model-password: 1.0.3

activeadmin-jfu_upload: 0.1.8

acts-as_explorable: 0.1.1

claide_plugins: 0.9.2

alephant_logger-statsd: 0.0.4

angular_file-upload-rails: 1.6.1.2

a1436mm-age: 0.0.3

batali_infuse: 0.2.2

bosh_plugin-pipeline: 0.2.1

bosh-cli_plugin_consul: 0.1.0

capistrano_stats: 1.1.1

bosh-lastpass_plugin: 0.0.4

active-model-better_errors: 1.6.7

bosh-cli_plugin_redis: 0.2.3

acts-as_better_tree: 1.0.0

artisan_plugin: 0.0.2

arethusa-plugin_generator: 0.0.1

spider_src: 0.1.7

alphabetical-paginate: 2.3.4

http-statsd: 0.0.2

alphabetical-paginate_uk: 1.0.1

bankgiro-inbetalningar: 1.2.0

beta_pod: 1.3.0

fluent_plugin-statsite: 0.0.7

spider_gazelle: 3.2.0

fluent_plugin-dogstatsd-mediba: 0.0.9

omniauth_mixer: 0.1.2

spider-html: 0.1.9

font_stack: 0.1.2

apress_api: 1.24.0

apress_documentation: 0.4.0

apress_moysklad: 0.1.0

ascii-press: 0.5.2

batsd_dash: 0.5.0

batch-translations: 0.1.3

batch-it: 0.1.0

commission-junction_stats: 0.0.2

active-model-password_reset: 1.0.9

batch_rails2: 0.2.0

cache-stats: 0.0.1

basic_stats: 0.0.2

aem_deploy: 0.1.26

batali_wedge: 0.1.2

airbrake-stats: 0.0.1

batali_tk: 0.2.4

3months-staff-schedule: 0.0.3

autoexec-bat: 0.1.1

api-batch: 0.1.1

ba-upload: 0.1.0

activerecord-pluck-in_batches: 0.2.1

admob-site_stats: 0.0.1

activerecord-suppress-range_error: 0.1.1

font_awesome-sass-c: 4.7.2

font_awesome-sass-mixins: 4.7.0

font_awesome-sassc: 4.7.1

font_fabulous: 1.0.5

font_awesome-sass: 5.12.0

font-assets: 0.1.14

benchmark_plot: 0.1.1

bbs-uploader: 0.1.6

aws_s3-deploy: 0.3.0

aws_codedeploy-agent: 0.1.0

auto_deploy-test: 0.1.19

api-deploy: 0.1.0

amoeba-deploy_tools: 0.0.10

batch_rails: 1.3.1

active-explorer: 0.0.9

batch-insert: 1.0

catarse-paypal_express: 3.0.2

cafepress-api: 0.3.2

bunto_press: 0.2.1

activerecord_postgresql-expression: 0.0.2

active-press: 0.1.0

resque-stuck_queue: 0.5.2

drupal-fu: 0.0.1

capistrano3_drupal: 0.0.1

git-team_stats: 0.0.1

commandsy_plugin: 0.0.1

cocoapods_icemobile-plugin: 0.0.8

alphabet_rocker: 0.1.1

bosh_plugin-generator: 0.0.1

brightbox_boxgrinder-plugins: 0.0.6

audio-mixer-sox: 1.0.3

batman_rails: 0.16.1

font_league: 1.0.0

alphabetic-paginate: 0.0.12

spider_node: 0.0.1

archive-uploader: 0.2

applogger_ruby: 0.5.3

selenium-spider: 0.1.2

ar_find-in-batches-with-order: 0.0.2

batch-actions: 0.0.2

administrate_field-password: 0.0.4

acts-as_keywordable: 0.0.9

arb-spider: 1.1.2

apress_changelogger: 0.0.1

royal-mail_scraper: 1.0.1

stuck-it_up: 0.1.0

spider-monkey: 0.0.11

backstop_deploys: 0.0.6

royal-mail_api: 0.1.1

battle_on: 0.0.4

battery-growl: 0.0.1

battering-ram: 0.0.1

beta-tools: 0.0.5

spider-bot: 0.0.5

awesome-print_carrier_wave_uploader: 0.0.1

dradis_ntospider: 3.15.0

beta-invites: 0.0.1

adwords-scraper: 0.0.2

bedrock_capistrano-uploads: 0.0.1

active-record_samplooper: 0.0.7

app_deployer: 0.0.3

lines-mixer: 0.0.1

aws-upload: 0.0.1

language-mixer: 0.0.1

font_roboto-rails: 0.0.3

aws-blue_green_deploy: 0.0.1

batched-query: 0.0.1

speed-spider: 0.0.2

asset-uploader: 0.0.3

movie-spider: 0.0.2

murmuring-spider: 0.0.2

batch-audio_convert: 0.2.0-x86_64-linux

secondhand_spider: 0.0.1

acpc-poker_player_proxy: 1.6.7

acpc-poker_types: 7.8.6

acpc-poker_match_state: 2.2.1

acpc-poker_basic_proxy: 3.2.2

active-admin-advanced_create_another: 0.1.1

active-admin_theme: 1.1.1

about-pos: 2.0.0

abstract-importer: 1.6.0

acceptance-tests_support: 1.0.2

act-blue_reporter: 0.1.0

action-component: 0.1.4

acpc-poker-player_proxy: 1.6.7

active-admin_import: 4.2.0

accessible-tooltip: 1.0.9

cards-lib: 0.2.5

acquia-toolbelt: 2.4.1

game-shuffle_cards: 1.0.5

act-as_importable: 0.0.11

active-model-policy: 0.0.1

acpc-poker-types: 7.8.6

ackintosh-net-empty-port: 0.0.1

acts-as_crafter: 1.0.0

lang-cards: 1.0.0

acpc-poker-basic_proxy: 3.2.2

active-tools: 0.2.5

acpc-poker-match_state: 2.2.1

workarea-gift-cards: 4.0.1

access-policy-rails: 0.0.2

twitter-cards: 0.1.0

damn_weather: 0.1.3

cinch_weatherman: 1.0.5

dark-sky_weather: 0.1.0

hack-cards: 0.0.4

barometer-weather-bug: 0.1.0

activerecord_db-tools: 0.0.1

ruby-playing_cards: 0.0.2

enpit-weather: 0.1.0

playing-cards: 0.0.2

airservice-build_tools: 0.0.9

ellen_weather: 0.0.1

rubylove-playing-cards: 0.0.1

current-weather: 0.0.4

fortnite-api: 0.2.0

rspec-candy: 0.5.1

candy_-sql: 0.1.0

candy-check: 0.2.1

referral-candy: 0.1.0

cinch_logsearch: 1.0.2

capistrano_telegram-notification: 0.1.1

chef-partial-search: 1.0.7

capistrano_telegram: 1.0.0

bin-search: 0.1

blinkman-twitter-search: 0.1.0

capistrano-telegram-notification: 0.1.1

barely-searchable: 1.0.0

jaconda-telegram: 1.0

binary-search_tree: 2.2

beerdb-api: 0.1.1

cloud-search: 0.2.0

biblesearch_api: 1.2.0

blacklight-advanced_search: 7.0.0

binary-search_frequency: 0.0.3

aws_elasticsearch: 0.1.0

beer-bash: 0.1.0

telegram-meetup_bot: 0.3.0

lita_onewheel-beer-apex: 0.2.7

bisearch-enzim_hu: 0.0.4

lita_onewheel-beer-baileys: 3.8.8

telegram_bot-types: 0.6.1

telegram-bot_ruby: 0.1.7

lita_onewheel-beer-base: 2.0.8

administrate-field-belongs-to_search: 0.7.0

telegram-bot_middleware: 0.3.2

lita_onewheel-beer-craftpourhouse: 1.0.0

lita_onewheel-beer-loyal-legion: 0.1.3

lita_onewheel-beer-tin-bucket: 0.1.3

activeadmin-searchable-select: 1.2.0

lita_onewheel-beer-wework: 2.3.0

lita_telegram: 0.1.0

telegram-bot_api: 0.1.0

ruboty_telegram: 1.0.0

telegram_bot-ruby: 0.12.0

aliyun-open-search: 0.6.0

lita_telegram-plus: 0.1.2

city-search: 0.0.4

chef_cloudsearch: 0.0.2

aws-cloud_search: 0.0.2

active-search: 1.0.1

amazon_search: 1.4.4

alchemy-pg-search: 1.2.0

arel-search: 0.0.5

lita_onewheel-beer-abvpub: 0.0.1

apple-store_search: 0.0.5

dog-biscuits: 0.5.9

attr-searchable: 0.0.7

lita_onewheel-beer-btu: 0.0.0

datadog_notifications: 0.6.2

lita_onewheel-beer-growlers: 0.0.1

cat_dog: 1.0.0

lita_onewheel-beer-pints: 0.0.6

acts-as_fuzzy_search: 0.0.1

lita_onewheel-beer-upperlip: 0.0.1

alerty_plugin-datadog-event: 0.1.4

airbrake_api: 4.6.1

dragonfly_cloudinary-datastore: 0.1

dragonfly_activerecord: 1.0.0

rate-beer: 0.0.2

dragonfly_cloudinary: 0.1.1

lita_onewheel-beer-wayfinder: 0.0.3

first-gem_rakesh: 0.1.0

ad-search: 0.0.2

fig-rake: 0.9.3

crl-watchdog: 1.0.0

datadog_cli: 0.1.16

adapter_elasticsearch: 0.0.4

datadog-apm: 0.9.0

airbrake-notifying_threads: 0.1.1

beer-in_the_evening: 0.0.7

dogapi_demo: 0.1.0

cordova_rake: 0.5.2

blinkist_airbrake-scrubber: 4.1.1

bard_rake: 0.17.3

airbrake-user_attributes_rails5: 0.2.0

fluent_plugin-airbrake-logger: 0.1.0

airbrake-proxy: 0.1.2

fluent_plugin-airbrake-python: 0.2

datadog-proxy: 0.0.6

airbrake-user_attributes: 0.1.6

telegram-notifications: 0.0.1

doge-linguist: 0.1.0

doge-helper: 0.1

bulldoggy_filesystem: 0.0.1

chef_handler-datadog-demo: 0.2.0

capistrano_airbrake: 0.1.1

capistrano_rake: 0.2.0

capistrano_runit-rake: 0.2.0

dradis_brakeman: 3.15.0

delayed_plugins-airbrake: 1.1.0

doge_chef-formatter: 0.0.1

cucumber-rake_runner: 0.0.3

danger_brakeman: 0.0.1

doge-woof: 0.1.10

dot-rake_tasks_in_rails: 0.0.1

execute-with_rescue_with_airbrake: 0.0.3

airbrake_graylog2: 0.0.4

ceedling_autorake: 0.0.2

dt_rake: 0.0.3

brakeman-translate_checkstyle_format: 0.0.1

chalk_rake: 0.0.3

branch-raker: 0.0.6

External links
http://thehackernews.com/2020/04/rubygem-typosquatting-malware.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Backdoors in multiple gems for Ruby