Another day, another reminder to be careful about installing software downloaded from the Internet: This time, the warning is for the Ruby community.
The team behind RubyGems.org closed two security flaws on its website that could be exploited by an attacker to replace any .gem file on the server with a different file having the same name, according to an advisory posted on the Ruby gem hosting service’s website.