Critical Gems Takeover Bug Reported in RubyGems Package Manager
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and replace them with rogue versions under specific circumstances.
“Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so,” RubyGems said in a security advisory
Hey there, thanks for visiting our page. Listen, we get it, the information above may not be enough for you, and that's probably because the article originated somewhere else on the internet. So if you yearn for more reading, you can find the original write up HERE