Add CVE-2018-3779 for active-support

reedloden · reedloden · commit b27b9586c46c · 2018-08-09T02:17:27.000-07:00
diff --git a/gems/active-support/CVE-2018-3779.yml b/gems/active-support/CVE-2018-3779.yml
@@ -0,0 +1,13 @@
+---
+gem: active-support
+cve: 2018-3779
+url: https://rubygems.org/gems/active-support
+title: Malicious ruby gem - active-support
+date: 2018-08-09
+
+description: |
+  The gem duplicates official `activesupport` (no hyphen) code, but adds a
+  compiled extension. The extension attempts to resolve a base64 encoded
+  domain, downloads a payload, and executes.
+
+  Replace this gem with the official `activesupport` gem.
