The RubyGems 2.7.6 update released last week for RubyGems includes several security improvements and addresses several types of vulnerabilities.
The new RubyGems 2.7.6 release addresses several vulnerabilities in Ruby Gems and implements several security improvements.
The updates prevent path traversal when writing to a symlinked basedir outside of the root and during gem installation.
The updates also address a cross-site scripting (XSS) vulnerability in the homepage attribute when displayed via gem server and an Unsafe Object Deserialization issue in gem owner.
The new RubyGems release raises a security error when there are duplicate files in a package and enforce URL validation on spec homepage attribute.
To update to the latest RubyGems you can run:
gem update --system
(Security Affairs – RubyGems, security)
The post RubyGems 2.7.6 addresses several flaws and implements some improvements appeared first on Security Affairs.