RubyGems
Ruby package manager abuse techniques
RubyGems Build Script Execution via Gemspec Extensions
Severity: high | Category: Code Execution | Platforms: Linux, macOS, Windows
The gemspec `extensions` field can reference Rakefiles in addition to extconf.rb files. When a gem with Rakefile-based extensions is …
RubyGems Install Hook Abuse
Severity: high | Category: Code Execution | Platforms: Linux, macOS, Windows
RubyGems supports pre_install and post_install hooks that execute Ruby code during any gem installation. These hooks can be registered via …
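As an added example (not code from this page or from RubyGems itself), the constructed plugin below shows what a `rubygems_plugin.rb` shipped inside any installed gem can register, together with an audit that lists every install hook currently registered in the process and the file it came from. The plugin is written to a scratch directory and loaded by hand here; in a real installation RubyGems loads such files itself at startup (alongside `rubygems/defaults/operating_system.rb`), so the hooks then fire for every later `gem install`. The log path and the `GEM_HOOK_DEMO_LOG` variable are assumptions for the demo, and the hook body only logs.

```ruby
require "rubygems"
require "tmpdir"

# Constructed plugin body. A gem ships this as lib/rubygems_plugin.rb; RubyGems
# loads it at startup, so the hooks below run inside every later `gem install`
# with the installing user's privileges and receive the Gem::Installer for the
# gem being installed. This pre_install hook only appends a log line; a real
# one can do anything Ruby can.
PLUGIN_BODY = <<~'RUBY'
  require "tmpdir"
  log = ENV["GEM_HOOK_DEMO_LOG"] || File.join(Dir.tmpdir, "gem-install-hook.log")  # assumed demo path

  Gem.pre_install do |installer|
    File.open(log, "a") { |f| f.puts "pre_install #{installer.spec.full_name}" }
    true   # returning false makes Gem::Installer raise Gem::InstallError
  end

  Gem.post_install do |installer|
    # runs after the gem's files have been unpacked into installer.gem_dir
    true
  end
RUBY

# Write the constructed plugin to a scratch directory and load it, standing in
# for the load RubyGems performs on its own plugins at startup.
def load_constructed_plugin(dir)
  path = File.join(dir, "rubygems_plugin.rb")
  File.write(path, PLUGIN_BODY)
  load path
  path
end

# List every registered install hook with its defining file and line. Anything
# defined outside RubyGems' own rubygems/ tree (which holds its default
# post-install message hook) is third-party code that runs on the next install.
def audit_install_hooks
  rubygems_root = File.join(File.dirname(Gem.method(:pre_install).source_location.first), "rubygems")
  { pre_install: Gem.pre_install_hooks, post_install: Gem.post_install_hooks }.flat_map do |kind, hooks|
    hooks.map do |hook|
      file, line = hook.source_location
      { kind: kind, file: file, line: line,
        third_party: !file.to_s.start_with?(rubygems_root) }
    end
  end
end

# Mirror of Gem::Installer#run_pre_install_hooks: each pre_install hook is
# called with the installer, and any hook returning false aborts the install.
def pre_install_allowed?(installer)
  Gem.pre_install_hooks.all? { |hook| hook.call(installer) != false }
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    load_constructed_plugin(dir)
    audit_install_hooks.each do |h|
      puts format("%-13s %s:%d%s", h[:kind], h[:file], h[:line], h[:third_party] ? "  (third-party)" : "")
    end
  end
end
```

To find such files on a host, `Gem.find_files("rubygems_plugin")` (or `gem contents <gem> | grep rubygems_plugin`) lists every plugin file RubyGems would load; the audit above then tells you which hooks they actually registered.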
RubyGems Native Extension Code Execution
Severity: critical | Category: Code Execution | Platforms: Linux, macOS, Windows
RubyGems packages with native C extensions conventionally ship an extconf.rb file, which `gem install` executes as arbitrary Ruby code before `make` ever runs. Because …
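The script below is an added example, not code from this page or from RubyGems: it builds a constructed gem whose only `extensions` entry is a Rakefile, then inspects the packaged .gem offline to report which `Gem::Ext` builder each extension entry would trigger and what script text it would run. It serves both the Rakefile-extension entry above and the extconf.rb entry here: the dispatch in `extension_builder` follows RubyGems' own file-name matching (extconf, configure, Rakefile or mkrf_conf, CMakeLists.txt, and on recent versions Cargo.toml), so any of those names means code runs at install time. The gem name `demo-rake-ext` and the Rakefile body are constructed; the audit only extracts files and never runs the Rakefile.

```ruby
require "rubygems"
require "rubygems/package"
require "tmpdir"
require "fileutils"

# Which Gem::Ext builder RubyGems selects for an `extensions` entry. The match
# mirrors Gem::Ext::Builder#builder_for, which dispatches on the file name;
# every builder here executes content from the gem during `gem install`.
def extension_builder(ext)
  case ext
  when /extconf/                 then "ExtConfBuilder (ruby extconf.rb, then make)"
  when /configure/               then "ConfigureBuilder (sh ./configure, then make)"
  when /rakefile/i, /mkrf_conf/i then "RakeBuilder (rake, runs the Rakefile as Ruby)"
  when /CMakeLists\.txt/         then "CmakeBuilder (cmake, then make)"
  when /Cargo\.toml/             then "CargoBuilder (cargo build; recent RubyGems only)"
  else "unknown builder: install fails with a build error"
  end
end

# Inspect a packaged .gem without installing it: each extension entry, the
# builder that would run it, and the script's contents. extract_files only
# unpacks data.tar.gz; nothing in the gem is executed.
def audit_gem_extensions(gem_path)
  package = Gem::Package.new(gem_path)
  spec = package.spec
  return [] if spec.extensions.empty?

  Dir.mktmpdir("gem-audit") do |dir|
    package.extract_files(dir)
    spec.extensions.map do |ext|
      path = File.join(dir, ext)
      { extension: ext,
        builder: extension_builder(ext),
        source: File.exist?(path) ? File.read(path) : nil }
    end
  end
end

# Constructed Rakefile body. `rake` would run this as Ruby with the installing
# user's privileges; the task is inert apart from writing a marker file, and
# this example never executes it.
RAKEFILE_BODY = <<~'RUBY'
  task :default do
    File.write(File.join(Dir.home, ".rakefile-ext-ran"), Time.now.to_s)
  end
RUBY

# Package a constructed gem whose only extension is the Rakefile above, the
# way a malicious gem would ship it. Returns the path of the built .gem.
def build_demo_gem(dir)
  Dir.chdir(dir) do
    FileUtils.mkdir_p("ext/demo")
    File.write("ext/demo/Rakefile", RAKEFILE_BODY)
    spec = Gem::Specification.new do |s|
      s.name = "demo-rake-ext"   # constructed name, not a published gem
      s.version = "0.0.1"
      s.summary = "constructed example gem with a Rakefile extension"
      s.authors = ["example"]
      s.files = ["ext/demo/Rakefile"]
      s.extensions = ["ext/demo/Rakefile"]
    end
    File.join(dir, Gem::Package.build(spec, true))   # skip_validation: keep the build quiet
  end
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    audit_gem_extensions(build_demo_gem(dir)).each do |finding|
      puts "#{finding[:extension]} -> #{finding[:builder]}"
      puts finding[:source]
    end
  end
end
```

Run `audit_gem_extensions` over gems fetched with `gem fetch` before they are installed; an `extensions` list on a pure-Ruby gem, or an extension script that is not a plain mkmf `create_makefile` call, is the signal to read the file by hand.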
RubyGems Source Manipulation
Severity: high | Category: Source Manipulation | Platforms: Linux, macOS, Windows
RubyGems resolves packages from configurable source repositories. An attacker can add malicious gem sources via `gem sources --add`, modify …
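An added example of the check a practitioner wants here (not from this page or from RubyGems): parse the `:sources:` list that `gem sources --add` writes into `~/.gemrc`, compare it and the sources the running RubyGems would actually query against an allowlist, and flag anything that is not HTTPS or not approved. The `.gemrc` body, the `gems.internal.example` host and the `ALLOWED_SOURCES` policy are constructed for the demo. Position in the list is no protection: the resolver consults every configured source and takes the best version it finds, so a rogue source only has to advertise a higher version of a name you depend on.

```ruby
require "rubygems"
require "uri"
require "yaml"

# Constructed ~/.gemrc. `gem sources --add` appends to the :sources list; the
# second entry stands in for an attacker- or misconfiguration-added plain-http mirror.
SAMPLE_GEMRC = <<~YAML
  :sources:
  - https://rubygems.org/
  - http://gems.internal.example/
  :verbose: true
YAML

# Assumed policy: the only sources this host may resolve gems from.
ALLOWED_SOURCES = ["https://rubygems.org/"].freeze

# RubyGems stores source URIs with a trailing slash; compare on that form.
def normalize(src)
  src.end_with?("/") ? src : "#{src}/"
end

# Parse a .gemrc body as RubyGems' ConfigFile does: YAML with Symbol keys, so
# Symbol has to be permitted explicitly under safe_load.
def gemrc_sources(text)
  cfg = YAML.safe_load(text, permitted_classes: [Symbol]) || {}
  Array(cfg[:sources])
end

# The sources the running RubyGems would actually query (defaults merged with
# the loaded config file), as normalized strings.
def live_sources
  Gem.sources.to_a.map { |s| normalize(s.to_s) }
end

# Flag each source that is unparseable, not HTTPS, or not on the allowlist.
def audit_sources(sources, allowed = ALLOWED_SOURCES)
  allowed = allowed.map { |a| normalize(a) }
  sources.map do |src|
    problems = []
    uri = begin
      URI.parse(src)
    rescue URI::InvalidURIError
      nil
    end
    if uri.nil? || uri.scheme.nil?
      problems << "unparseable"
    else
      problems << "not https" unless uri.scheme == "https"
      problems << "not in allowlist" unless allowed.include?(normalize(src))
    end
    { source: src, problems: problems }
  end
end

if $PROGRAM_NAME == __FILE__
  (audit_sources(gemrc_sources(SAMPLE_GEMRC)) + audit_sources(live_sources)).each do |f|
    puts "#{f[:source]}: #{f[:problems].empty? ? 'ok' : f[:problems].join(', ')}"
  end
end
```

`live_sources` is the one that matters on a real host, since it reflects `GEM_HOME`-level configuration and defaults as well as the user's `.gemrc`; run it from the same Ruby that performs installs.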