Ruby

Impact Analysis: CVE-2022-29218, Allows Unauthorized Takeover of New Gem Versions via Cache Poisoning

May 12, 2022 By Maciej Mensfeld In Mend

It’s been a bad month for RubyGems vulnerabilities. Critical CVE-2022-29176 was issued May 8, 2022, and another critical CVE-2022-29218 was discovered less than a week later, on May 11. This new vulnerability would allow for a takeover of new versions of some platform-specific gems under certain circumstances.

Read Post

Mend

Read more about Impact Analysis: CVE-2022-29218, Allows Unauthorized Takeover of New Gem Versions via Cache Poisoning

Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover

May 10, 2022 By Maciej Mensfeld In Mend

On May 6, 2022, a critical CVE was published for RubyGems, the primary packages source for the Ruby ecosystem. This vulnerability created a window of opportunity for malicious actors to take over gems that met the following criteria: Because RubyGems provides data dumps that include a lot of information, it is unfortunately relatively simple to create an automated mining process for these criteria.

Read Post

Mend

Read more about Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover

Log4Shell or LogThemAll: Log4Shell in Ruby Applications

Dec 23, 2021 By Hagai Wechsler In Mend

The notorious Log4Shell vulnerability CVE-2021-45046, has put Log4j in the spotlight, and grabbed the entire Java community’s attention over the last couple of weeks. Maintainers of Java projects that use Log4j have most probably addressed the issue. Meanwhile, non-java developers are enjoying relative peace of mind, knowing that they are unaffected by one of the major vulnerabilities found in recent years. Unfortunately, this is an incorrect assumption.

Read Post

Mend

Read more about Log4Shell or LogThemAll: Log4Shell in Ruby Applications

Better Ruby Gemfile security: A step-by-step guide using Snyk

Aug 10, 2021 By DeveloperSteve In Snyk

Ruby is a well-defined and thought-out language and has been around since the mid-1990s. In 2004, Ruby incorporated RubyGems as its package manager. RubyGems is used to manage libraries and dependencies in a self-contained format known as a gem. The interface for RubyGems is a command line tool that integrates with the Ruby runtime and allows Gemfiles to be added or updated in a project. I looked at three Ruby platforms and found vulnerabilities that were surprising, even to me.

Read Post

Snyk

Read more about Better Ruby Gemfile security: A step-by-step guide using Snyk

Custom Exception Handling in Ruby

Apr 7, 2020 By Mark Michon In Bearer

In Ruby, like in most languages, an exception is a way to convey that something went wrong. While some languages only use exceptions for truly exceptional circumstances, like run-time errors, Ruby uses exceptions for a wide variety of errors and unexpected results.

Read Post

Bearer

Read more about Custom Exception Handling in Ruby

The Top Ruby HTTP Clients for 2020

Feb 5, 2020 By Mark Michon In Bearer

Trouble choosing an HTTP client for your Ruby project? We've got you covered. To help with the decision making, here is a list of the most popular and interesting libraries in the space. We've also included examples of making a request in each, and some reasons each library might be of interest to you and your project.

Read Post

Bearer

Read more about The Top Ruby HTTP Clients for 2020

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ruby

Impact Analysis: CVE-2022-29218, Allows Unauthorized Takeover of New Gem Versions via Cache Poisoning

Impact Analysis: RubyGems Critical CVE-2022-29176 Unauthorized Package Takeover

Log4Shell or LogThemAll: Log4Shell in Ruby Applications

Better Ruby Gemfile security: A step-by-step guide using Snyk

Custom Exception Handling in Ruby

The Top Ruby HTTP Clients for 2020

Monthly Archive

Follow Us