RubySec

Providing security resources for the Ruby community

CVE-2018-3779 (active-support): Malicious ruby gem - active-support


GEM

active-support

PATCHED VERSIONS

None.

DESCRIPTION

The gem duplicates the code of the official activesupport (no hyphen) gem, but adds a compiled extension. The extension attempts to resolve a base64-encoded domain, download a payload, and execute it.

Replace this gem with the official activesupport gem.
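
One way to check a project for this gem, as an added example that is not part of the RubySec advisory: the script scans Gemfile.lock text for the hyphenated name and reports where it is resolved or required. The sample lockfile, its `0.0.0` versions and the `example-plugin` gem are constructed placeholders, and `find_malicious_gem` is a hypothetical helper name.

```ruby
# Added example: find the hyphenated "active-support" gem in Gemfile.lock text.
BAD_GEM = "active-support" # malicious name from the advisory

# Constructed sample lockfile; versions and example-plugin are placeholders.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      active-support (0.0.0)
      activesupport (0.0.0)
      example-plugin (0.0.0)
        active-support (>= 0)

  DEPENDENCIES
    activesupport
    example-plugin
LOCK

# Hypothetical helper: returns one hash per place the bad gem appears.
def find_malicious_gem(lockfile_text, bad_gem = BAD_GEM)
  findings = []
  section = nil
  current_spec = nil
  lockfile_text.each_line do |raw|
    line = raw.chomp
    next if line.strip.empty?
    if line.match?(/\A[A-Z]/) # section header: GEM, PLATFORMS, DEPENDENCIES...
      section = line.strip
      current_spec = nil
      next
    end
    indent = line[/\A */].size
    name = line.strip.split(/[\s(!]/, 2).first
    if section == "GEM" && indent == 4 # a resolved gem
      current_spec = line.strip
      findings << { kind: :resolved, detail: current_spec } if name == bad_gem
    elsif section == "GEM" && indent == 6 # a dependency of current_spec
      findings << { kind: :required_by, detail: current_spec } if name == bad_gem
    elsif section == "DEPENDENCIES" && indent == 2 # listed in the Gemfile
      findings << { kind: :direct, detail: line.strip } if name == bad_gem
    end
  end
  findings
end

find_malicious_gem(SAMPLE_LOCKFILE).each { |f| puts "#{f[:kind]}: #{f[:detail]}" }
```

A `required_by` finding names the gem that pulls in the hyphenated package, which is the dependency to fix or drop when the name is not in your own Gemfile.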
