Bootstrap is an open source framework. It allows website designers to quickly build a website from pre-built components.

The Bootstrap-Sass Ruby library as a whole has been downloaded more than 28 million times; the backdoored version only 1,470 times.

The hidden code was found in the bootstrap-sass Ruby library, which is used to build frontend user interfaces in Ruby and Ruby on Rails applications. The malicious code allowed remote code execution (RCE). The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass version of Bootstrap, the most popular UI framework for developers today.

Software developer Derek Barnes noticed the malicious code when version 3.2.0.2 was removed and version 3.2.0.3 was rapidly published in its place.

What drew Barnes's attention to the affected version was the fact that the change had only been made on RubyGems, a popular repository for Ruby libraries, but not on GitHub, where the library's source code was being managed.
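One defender-side check that this discrepancy suggests, as an added example that is not from the original article: unpack the published gem, check out the source repository at the matching version tag, and diff the two trees file by file. The directory contents below are constructed for the demo; in real use they would come from `gem unpack` and `git checkout`.

```ruby
require "digest"
require "fileutils"
require "tmpdir"

# Walk a directory tree and map each relative file path to the SHA-256 of its contents.
def tree_digests(root)
  Dir.glob("**/*", File::FNM_DOTMATCH, base: root)
     .select { |rel| File.file?(File.join(root, rel)) }
     .to_h { |rel| [rel, Digest::SHA256.file(File.join(root, rel)).hexdigest] }
end

# Compare the unpacked gem against the source checkout for the same version.
# Returns paths present only in the gem, only in the repo, or differing in content.
# Anything listed under :only_in_gem or :modified shipped without a matching commit.
def compare_release(repo_dir, gem_dir)
  repo = tree_digests(repo_dir)
  gem  = tree_digests(gem_dir)
  {
    only_in_gem:  (gem.keys - repo.keys).sort,
    only_in_repo: (repo.keys - gem.keys).sort,
    modified:     (repo.keys & gem.keys).select { |p| repo[p] != gem[p] }.sort,
  }
end

# Constructed sample trees standing in for `git checkout v3.2.0.4` (repo)
# and `gem unpack bootstrap-sass` (gem); the file contents are made up.
def demo_report
  Dir.mktmpdir do |tmp|
    repo = File.join(tmp, "repo")
    gem  = File.join(tmp, "gem")
    FileUtils.mkdir_p([File.join(repo, "lib"), File.join(gem, "lib")])
    File.write(File.join(repo, "lib/bootstrap-sass.rb"), "module Bootstrap; end\n")
    File.write(File.join(gem,  "lib/bootstrap-sass.rb"), "module Bootstrap; end\n")
    File.write(File.join(repo, "lib/version.rb"), "VERSION = '3.2.0.4'\n")
    File.write(File.join(gem,  "lib/version.rb"), "VERSION = '3.2.0.4'\nrequire 'extra'\n")
    File.write(File.join(gem,  "lib/extra.rb"), "# file with no counterpart in the repository\n")
    compare_release(repo, gem)
  end
end

if __FILE__ == $PROGRAM_NAME
  demo_report.each { |kind, paths| puts "#{kind}: #{paths.join(', ')}" }
end
```

A clean release reports three empty lists; any entry under `only_in_gem` or `modified` deserves a look before the gem is trusted.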

A new version – 3.2.0.4 – has now been released, which is identical to 3.2.0.2. Bootstrap-Sass users are urged to update as soon as possible to this version of the software.
