Talos has discovered two XSS vulnerabilities in Ruby Rails Gems. Rails is a Ruby framework designed to create web services or web pages. Ruby Gems is a package manager for distributing software packages as ‘gems’. The two XSS vulnerabilities were discovered in two different gem packages: delayed_job_web and rails_admin.
Ruby is widely used as a language for web development. Gem packages allow software engineers to reuse code across multiple development projects. As such, the discovery of a vulnerability in a gem may mean that many different systems are affected by that vulnerability.
VISIT THE SOURCE ARTICLE
Author: Talos Group
Used with the permission of http://thenetwork.cisco.com/. Cisco reserves all rights in and to any Cisco logos, trademarks or trade names contained in any RSS/JS feed, and your right to use these Cisco logos, trademarks or trade names is limited to providing attribution in connection with these RSS/JS feeds.