or Create a profile

Home Questions

Malicious Libraries Uploaded to RubyGems Repository

Tya Hariharan's Avatar

Tya Hariharan

21 Apr, 2020 10:47 PM

Hi,

We just heard that malicious libraries were uploaded to RubyGems. My question here is, how can we find out which libraries are malicious or whether we have installed them? Do you plan on publishing a list?

Thanks,
Tya

  1. Support Staff 1 Posted by sonalkr132 on 25 Apr, 2020 09:10 PM

    sonalkr132's Avatar

    Hi Tya,

    We maintain a wiki for most of them gems we removed for security reasons, you can find it here: https://github.com/rubygems/rubygems.org/wiki/Gems-yanked-and-accou...

    whether we have installed them?

    Note that your host could have only installed the gem if you or any of the libraries you used made a typo matching the above mentioned list.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

  • New Issue

  • Conversation Started

    A conversation has been started with the RubyGems.org staff to resolve this discussion.

  • Close the discussion

Private Permissions

This discussion is private. Only you and RubyGems.org support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

01 Jun, 2020 03:43 PM ERROR: Could not find a valid gem 'bundler' (= 1.17.3) issue when trying to install bundler
01 Jun, 2020 07:12 AM Unable to download data from https://rubygems.org/ - Received fatal alert: protocol_version (https://rubygems.org/specs.4.8.gz)
29 May, 2020 04:24 PM Error while installation
23 May, 2020 08:42 AM Offer Now:-https://productscop.com/virmaxryn-review/
23 May, 2020 08:30 AM http://supplementstrick.com/virmaxryn/

Recent Articles

Supporter FAQ
Removing an accidentally pushed gem
Removing a published RubyGem
Common Problems