#VU27108 Embedded malicious code (backdoor) in RubyGems fake vendor products


Published: April 22, 2020


Vulnerability identifier: #VU27108
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: N/A
CWE-ID: CWE-506
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
Software vendor:
RubyGems fake vendor

Description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to the presence of embedded malicious functionality (a backdoor) in the application code, which allows a remote attacker to gain unauthorized access to the application.


Remediation

Remove the affected package from the system.
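To find such packages before removing them, a Gemfile.lock can be audited for exact blocklist hits and for names that collide with a trusted gem once hyphens and underscores are ignored, the naming pattern the fake gems in this advisory use (e.g. active-model_serializers against the real active_model_serializers). This is an added example, not code from the advisory or from RubyGems; the lock file excerpt, the KNOWN_GOOD list and the aws_sdk entry are constructed for illustration, while the two BLOCKLIST names are taken from the advisory.

```ruby
# Added example: audit a Gemfile.lock for typosquatted gems.

# Constructed sample Gemfile.lock excerpt (not a real project's file).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      active-model_serializers (0.10.0)
      active_model_serializers (0.10.10)
      atlas-client (0.1.0)
      aws_sdk (3.0.0)
      rake (13.0.1)
LOCK

# Assumed list of gem names the organisation trusts (illustrative only).
KNOWN_GOOD = %w[active_model_serializers aws-sdk rake].freeze

# Two names from the advisory's vulnerable-software list.
BLOCKLIST = %w[atlas-client active-model_serializers].freeze

# Hyphen/underscore typosquats reduce to the same key as the real gem.
def normalize(name)
  name.downcase.gsub(/[-_]/, '')
end

# Extract every "name (version)" line from a Gemfile.lock, deduplicated.
def lock_gems(text)
  text.scan(/^\s+(\S+) \(([^)]+)\)\s*$/).map(&:first).uniq
end

# Return a hash of suspicious gem name => reason.
def audit(text)
  canon = KNOWN_GOOD.to_h { |g| [normalize(g), g] }
  lock_gems(text).each_with_object({}) do |name, findings|
    if BLOCKLIST.include?(name)
      findings[name] = 'listed in advisory blocklist'
    elsif (legit = canon[normalize(name)]) && legit != name
      findings[name] = "possible typosquat of #{legit}"
    end
  end
end

if $PROGRAM_NAME == __FILE__
  audit(SAMPLE_LOCK).each { |name, reason| puts "#{name}: #{reason}" }
end
```

Names flagged as typosquats should be confirmed against the real gem's RubyGems page before removal, since the normalisation is a heuristic.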
