Tag
ruby-on-rails-security
Safeguard articles tagged "ruby-on-rails-security" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Software Supply Chain Security
RubyGems strong_password malicious version RCE
In 2019, attackers hijacked the strong_password RubyGems account and shipped a backdoored v0.0.7 that let them eval() code in production Rails apps.
Jul 2, 20267 min read
Vulnerability Analysis
Rails YAML deserialization RCE history and CVE-2013-0156 ...
A deep dive into CVE-2013-0156, the Rails YAML deserialization RCE that let attackers execute code via crafted requests, and how to remediate it.
Jan 26, 20268 min read