Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an malicious user to bypass the MFA requirement and takeover the account. This vulnerability has been patched in commit 0b3272a.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rubygems rubygems.org |