Gems yanked and accounts locked
Aditya Prakash edited this page Jun 30, 2019 · 11 revisions
There are a few select scenarios in which the rubygems.org team may yank a published gem and lock your account. These apply when a gem:
- creates a backdoor for remote code execution
- steals sensitive information from a host, such as HTTP cookies
- contains malware code
We will use this wiki to document yanked gems and locked accounts, along with the rationale for each action.
- Account locked: Shaggy
- Gems yanked: All gems where shaggy is the owner
- Reason: Gems contain code for crypto mining and cookie/password stealing.
- Related: rubygems/rubygems.org#2034

- Account locked: CrypticE
- Gem yanked: All versions of passen
- Reason: Latest version of passen had code for cookie stealing.
- Related: help.rubygems.org#36541