Yesterday, Rubygems found a gem with an exploit to execute arbitrary code, copy config files with passwords and auto-post them onto pastie.org.
The community suspects that some gems on rubygems.org may have been re-written with the exploit code so everyone has been verifying gems.
AppNeta Verifies Rubygems
We’ve verified all of the AppNeta oboe gems (404 until Rubygems is back online) on rubygems.org from version 1.3.0 and up. All checkout and match what we have on [gem/gem-beta].tracelytics.com (and what we have locally) so our customers should be unaffected. We’ll check them periodically this week.
In case you’re still uncomfortable with using rubygems.org, we also host all versions of the oboe gem at gem.tracelytics.com as an alternative.
Additional Rubygems Information
For additional information about this exploit, here are some links: