MAL-2024-7007

See a problem?

Import Source

https://github.com/ossf/malicious-packages/blob/main/osv/malicious/rubygems/rack_envinspector/MAL-2024-7007.json

JSON Data

https://api.osv.dev/v1/vulns/MAL-2024-7007

Published

2024-06-25T13:52:01Z

Modified

2024-10-24T01:02:00Z

Summary

Malicious code in rack_envinspector (RubyGems)

Details

-= Per source details. Do not edit below this line.=-

Database specific

{
    "malicious-packages-origins": [
        {
            "sha256": "9ecfdd41ced16a2024b19a680f99e14fc38211b13f95e6be44c3d5da87fec7c4",
            "import_time": "2024-06-28T02:52:44.716440732Z",
            "versions": [
                "0.1"
            ],
            "id": "RLMA-2024-05812",
            "source": "reversing-labs",
            "modified_time": "2024-06-25T13:52:01Z"
        },
        {
            "sha256": "1ef9508b74027d8139c1801adddb25cd0f05b9a446978de1eb7d6469d0df2ed8",
            "import_time": "2024-10-24T01:01:22.886107956Z",
            "id": "RLUA-2024-10333",
            "source": "reversing-labs",
            "modified_time": "2024-10-16T15:04:35Z"
        }
    ]
}

References

https://blog.reversinglabs.com/blog/mining-for-malicious-ruby-gems

Credits

- ReversingLabs - FINDER
- - https://www.reversinglabs.com

Affected packages

RubyGems / rack_envinspector

Package

Name: rack_envinspector
Purl: pkg:gem/rack_envinspector

Affected ranges

Affected versions

0.*

0.1