Bootstrap is an open source framework. It allows website designers to quickly build a website with pre-built components.
The Bootstrap-Sass Ruby library, one version of which was malicious, had been downloaded more than 28 million times. The backdoored version had been downloaded only 1,470 times.
The secret code found from
Software developer Derek Barnes noticed the malicious code in version 188.8.131.52; someone had removed the library and rapidly updated 184.108.40.206.
What drew Barnes' attention to the affected version was the fact that the change had only been made on RubyGems, a popular repository for Ruby libraries, but not on GitHub, where the library's source code was being managed.
A new version – 220.127.116.11 – has now been released, which is identical to 18.104.22.168. Bootstrap-Sass users are urged to update as soon as possible to this version of the software.
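The mismatch Barnes noticed, a release on RubyGems with no corresponding change on GitHub, can be checked for mechanically. The following is an added example, not code from the original article or the Bootstrap-Sass project. It assumes the gem has been unpacked with `gem unpack` and the repository checked out at the matching tag; the function names and sample files are constructed for illustration.

```ruby
require "digest"
require "find"
require "fileutils"
require "tmpdir"

# Map every regular file under root to its SHA-256, keyed by relative path.
def tree_digests(root)
  prefix = root.chomp("/") + "/"
  digests = {}
  Find.find(root) do |path|
    Find.prune if File.directory?(path) && File.basename(path) == ".git"
    next unless File.file?(path)
    digests[path.delete_prefix(prefix)] = Digest::SHA256.file(path).hexdigest
  end
  digests
end

# Report what the published package contains that the tagged source cannot
# account for. Source-only files are ignored: gems ship a subset of the repo.
def package_drift(package_dir, source_dir)
  pkg = tree_digests(package_dir)
  src = tree_digests(source_dir)
  { modified: pkg.select { |f, d| src.key?(f) && src[f] != d }.keys.sort,
    only_in_package: (pkg.keys - src.keys).sort }
end

# Constructed sample: two small trees standing in for `gem unpack` output and
# a checkout of the matching tag. All file names and contents are made up.
def constructed_sample
  trees = {
    "pkg" => { "lib/demo.rb" => "module Demo; end\n# line absent from source\n",
               "lib/demo/version.rb" => "VERSION = '1.0.1'\n",
               "lib/demo/extra.rb" => "# file absent from source\n" },
    "src" => { "lib/demo.rb" => "module Demo; end\n",
               "lib/demo/version.rb" => "VERSION = '1.0.1'\n",
               "test/demo_test.rb" => "# tests are not shipped\n" }
  }
  Dir.mktmpdir do |tmp|
    trees.each do |tree, files|
      files.each do |rel, body|
        path = File.join(tmp, tree, rel)
        FileUtils.mkdir_p(File.dirname(path))
        File.write(path, body)
      end
    end
    package_drift(File.join(tmp, "pkg"), File.join(tmp, "src"))
  end
end
p constructed_sample if __FILE__ == $PROGRAM_NAME
```

Any entry under `modified` or `only_in_package` is code that reached the registry without passing through the source repository and should be reviewed before the version is installed.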