RubyGems · rubygems.org
cpee
Rb Install Time Backticks: Backtick / %x() shell-out paired with eval/dynamic-require/network/deserialize.
Why PkgRadar flagged 2.1.121
| Severity | Signal | Evidence |
|---|---|---|
| high | Rb Install Time Backticks | Backtick / %x() shell-out paired with eval/dynamic-require/network/deserialize. · Rakefile |
| medium | Rb Install Time Eval | eval / instance_eval / class_eval — evaluates Ruby from a string. · Rakefile |
| medium | Remote Payload | matched "curl " · server/executionhandlers/eval/connection.rb |
| medium | Remote Payload | matched "curl " · server/executionhandlers/ruby/connection.rb |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2.1.121 | Review | 37 | 2026-06-15 |
| 2.1.120 | Review | 37 | 2026-06-08 |
| 2.1.119 | Review | 37 | 2026-06-08 |
| 2.1.118 | Review | 37 | 2026-06-02 |
| 2.1.116 | Review | 37 | 2026-05-29 |
| 2.1.115 | Review | 37 | 2026-05-28 |
Block this in CI
pkgradar gate --ecosystem rubygems cpee@2.1.121