RubyGems slings patch at nasty redirect trojan holes
Get patching: new vulns in the RubyGems developer distribution platform could expose millions of users to malicious redirects.
The hole (CVE-2015-3900), since patched, means clients could be pushed to Gem servers hosting malicious content even if HTTPS is employed.
Attackers further benefited since the RubyGems Gem Server Discovery feature did not validate whether DNS replies came from the same security domain as gem sources. Gems are used in Ruby libraries for software development and distribution and are pushed out to servers for user installation.
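
The missing validation described above can be sketched as follows. This is an added example, not RubyGems' own code: the helper names and hostnames are constructed, and it assumes discovery hands the client a target hostname taken from a DNS reply for the gem source's host.

```ruby
# Added example: hypothetical helper names, constructed hostnames.

# Lowercase a DNS name and drop the trailing root dot so names compare equal.
def normalize_host(name)
  name.to_s.strip.downcase.sub(/\.\z/, "")
end

# True when `target` is `source_host` itself or a subdomain of it.
# Whole labels are compared, so "evilrubygems.org" and
# "rubygems.org.attacker.example" do not pass for "rubygems.org".
def same_security_domain?(source_host, target)
  source = normalize_host(source_host).split(".")
  candidate_name = normalize_host(target)
  # Only plain hostnames: no ports, paths, userinfo or whitespace.
  return false unless candidate_name.match?(/\A[a-z0-9._-]+\z/)
  candidate = candidate_name.split(".")
  return false if source.empty? || candidate.any?(&:empty?)
  return false if candidate.length < source.length
  candidate.last(source.length) == source
end

# Use the discovered host only when it passes the check; otherwise keep
# talking to the configured gem source.
def resolve_api_host(source_host, discovered_target)
  if same_security_domain?(source_host, discovered_target)
    normalize_host(discovered_target)
  else
    normalize_host(source_host)
  end
end

# Constructed DNS answers for a client whose gem source is rubygems.org.
SAMPLE_TARGETS = [
  "api.rubygems.org.",
  "RubyGems.org",
  "gems.attacker.example",
  "evilrubygems.org",
  "rubygems.org.attacker.example",
  "api.rubygems.org:8443",
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_TARGETS.each do |target|
    puts format("%-32s -> %s", target, resolve_api_host("rubygems.org", target))
  end
end
```

This check treats every subdomain of the gem source as trusted, so it is only as strong as control over that DNS zone.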