GNU social conversation: https://nu.federati.net/api/statusnet/conversation/2139025.atom
Updated: 2024-03-29T06:14:24+00:00

New note by maiki (https://mastodon.sdf.org/users/maiki/statuses/101870854857375610)
Published: 2019-04-05T00:58:06+00:00

<p>> On March 26, 2019, a malicious version of the popular <a href="https://mastodon.sdf.org/tags/bootstrap" class="mention hashtag" rel="tag">#<span>bootstrap</span></a> <a href="https://mastodon.sdf.org/tags/sass" class="mention hashtag" rel="tag">#<span>sass</span></a> package, that has been downloaded a total of 28 million times to date, was published to the official <a href="https://mastodon.sdf.org/tags/rubygems" class="mention hashtag" rel="tag">#<span>RubyGems</span></a> repository. Version 3.2.0.3 includes a stealthy backdoor that gives attackers remote command execution on server-side <a href="https://mastodon.sdf.org/tags/rails" class="mention hashtag" rel="tag">#<span>Rails</span></a> applications.</p>
<p>Comments: <a href="https://talkgroup.xyz/t/malicious-remote-code-execution-backdoor-discovered-in-the-popular-bootstrap-sass-ruby-gem/2936" rel="nofollow"><span class="invisible">https://</span><span class="ellipsis">talkgroup.xyz/t/malicious-remo</span><span class="invisible">te-code-execution-backdoor-discovered-in-the-popular-bootstrap-sass-ruby-gem/2936</span></a></p>

Author: maiki (https://mastodon.sdf.org/users/maiki). Notable attributes: PTSD, compulsively open, webcrafter. Renders in Oakland, documents at https://interi.org.