The gem in question exploited a YAML parsing vulnerability
The popular Ruby package manager website RubyGems (rubygems.org) has been placed in maintenance mode after its owners noticed that a user had uploaded a malicious gem exploiting a YAML parsing vulnerability. The vulnerability in question can be used to execute arbitrary code and even gain access to sensitive data, including the credentials needed to tamper with gems.
The site’s administrators immediately disabled deploys of Ruby applications and started checking the other gems for signs of tampering.
In the latest update, posted a few hours ago, RubyGems representatives revealed that 90% of the gems had been verified.
Apparently, the vulnerability exploited by the malicious gem was reported to RubyGems about a week ago by an expert using the handle "blambeau." Another user, "Postmodern," wrote a proof-of-concept for it and posted it in a private chat room.
Someone took the PoC and used it to demonstrate the severity of the issue.
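The underlying risk is that Ruby's YAML loader, when unrestricted, instantiates whatever Ruby class a document's tags name. The following is an added example, not code from the article or from RubyGems, showing how a defender checks gem-style metadata for Ruby-specific tags and loads it with Psych's restricted class loader; the sample documents and the class name `Placeholder::Spec` are constructed.

```ruby
# Added example (not from the article): detecting Ruby-specific tags in YAML
# metadata and loading it with the restricted loader instead of the unsafe one.
require 'yaml'

# Constructed sample: the metadata shape a gem carries, plus a Ruby-specific
# tag of the kind a restricted loader must refuse. The class name is a placeholder.
TAGGED_METADATA = <<~YAML
  --- !ruby/object:Placeholder::Spec
  name: example-gem
  version: "1.0.0"
YAML

# Constructed sample: the same metadata without any object tag.
PLAIN_METADATA = <<~YAML
  ---
  name: example-gem
  version: "1.0.0"
YAML

# List every Ruby-specific tag in the document without instantiating anything.
# Psych.parse builds only the node tree; no Ruby objects are constructed.
def ruby_tags(yaml_text)
  doc = Psych.parse(yaml_text)
  doc.each
     .select { |node| node.respond_to?(:tag) && node.tag.to_s.start_with?('!ruby/') }
     .map(&:tag)
end

# Load metadata through the restricted class loader (no permitted classes, so
# only plain scalars, arrays and hashes survive). Returns [data, nil] on
# success or [nil, error_message] when a disallowed class tag is present.
def load_metadata(yaml_text)
  [YAML.safe_load(yaml_text, permitted_classes: []), nil]
rescue Psych::DisallowedClass => e
  [nil, e.message]
end

if __FILE__ == $PROGRAM_NAME
  puts "tags found: #{ruby_tags(TAGGED_METADATA).inspect}"
  data, err = load_metadata(TAGGED_METADATA)
  puts err ? "rejected: #{err}" : "loaded: #{data.inspect}"
end
```

Running the tagged sample reports the `!ruby/object` tag and the restricted loader rejects it, while the plain sample loads as an ordinary hash.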