Bootstrap is an open source framework. It allows website designers to quickly build a website with pre-built components.
The Bootstrap-Sass Ruby library, of which a malicious version was published, has been downloaded more than 28 million times. The backdoored version was downloaded only 1,470 times.
The secret code found from
Software developer Derek Barnes noticed the malicious code in version 184.108.40.206; the library was then removed and rapidly updated to 220.127.116.11.
What drew Barnes' attention to the affected version was the fact that the change had only been made on RubyGems, a popular repository for Ruby libraries, but not on GitHub, where the library's source code was being managed.
A new version – 18.104.22.168 – has now been released, which is identical to 22.214.171.124. Bootstrap-Sass users are urged to update as soon as possible to this version of the software.
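
The mismatch Barnes noticed, a release present on RubyGems but absent from GitHub, can be checked for mechanically. The following is an added example, not code from the original article or from the Bootstrap-Sass project; the gem, its version numbers, tags and file contents are constructed sample data, and the function names are hypothetical.

```ruby
require "digest"

# Turn a git tag such as "v1.0.1" or "release-1.0.1" into a Gem::Version,
# or nil when the tag does not carry a version number.
def tag_version(tag)
  candidate = tag.sub(/\A(?:v|release-)/, "")
  candidate.match?(/\A\d/) && Gem::Version.correct?(candidate) ? Gem::Version.new(candidate) : nil
end

# Versions published to the registry that have no matching tag in the source repo.
def unbacked_releases(registry_versions, repo_tags)
  tagged = repo_tags.filter_map { |t| tag_version(t) }
  registry_versions.map { |v| Gem::Version.new(v) }
                   .reject { |v| tagged.include?(v) }
                   .sort.map(&:to_s)
end

# Compare a package's files with a source tree (both given as path => content)
# and report files that exist only in the package or whose content differs.
def package_drift(package_files, source_files)
  sha = ->(s) { Digest::SHA256.hexdigest(s) }
  added = package_files.keys - source_files.keys
  changed = (package_files.keys & source_files.keys).select do |path|
    sha.(package_files[path]) != sha.(source_files[path])
  end
  { added: added.sort, changed: changed.sort }
end

# Constructed sample data for a hypothetical gem (not real Bootstrap-Sass versions).
REGISTRY_VERSIONS = %w[1.0.0 1.0.1 1.0.1.1].freeze
REPO_TAGS = %w[v1.0.0 v1.0.1 docs-preview].freeze
SOURCE_AT_1_0_1 = {
  "lib/example.rb"         => "module Example; end\n",
  "lib/example/version.rb" => "VERSION = '1.0.1'\n"
}.freeze
PACKAGE_1_0_1_1 = {
  "lib/example.rb"         => "module Example; end\n",
  "lib/example/version.rb" => "VERSION = '1.0.1.1'\n",
  "lib/example/extra.rb"   => "# file with no counterpart in the repository\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  unbacked_releases(REGISTRY_VERSIONS, REPO_TAGS).each do |version|
    puts "release #{version} has no source tag"
    puts package_drift(PACKAGE_1_0_1_1, SOURCE_AT_1_0_1).inspect
  end
end
```

A version bump alone explains a changed `version.rb`; a file that appears only in the package, for a release with no tag, is what warrants review before the update is installed.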