RubyGems · rubygems.org

ory-client

Rb Install Time Backticks: Backtick / %x() shell-out paired with eval/dynamic-require/network/deserialize.

Why PkgRadar flagged 1.22.43

Severity	Signal	Evidence
high	Rb Install Time Backticks	Backtick / %x() shell-out paired with eval/dynamic-require/network/deserialize. · vendor/bundle/ruby/3.2.0/gems/method_source-1.1.0/Rakefile
high	Rb Install Time Backticks	Backtick / %x() shell-out paired with eval/dynamic-require/network/deserialize. · vendor/bundle/ruby/3.2.0/gems/psych-4.0.6/psych.gemspec
medium	Rb Install Time Dynamic Require	require() with string interpolation — runtime-resolved library path. · vendor/bundle/ruby/3.2.0/gems/method_source-1.1.0/Rakefile
medium	Rb Install Time Eval	eval / instance_eval / class_eval — evaluates Ruby from a string. · vendor/bundle/ruby/3.2.0/gems/psych-4.0.6/psych.gemspec
medium	Remote Payload	matched "wget " · vendor/bundle/ruby/3.2.0/gems/coderay-1.1.3/lib/coderay/scanners/lua.rb
medium	Remote Payload	matched "curl " · vendor/bundle/ruby/3.2.0/gems/ethon-0.18.0/ethon.gemspec
medium	Remote Payload	matched "Curl\n " · vendor/bundle/ruby/3.2.0/gems/ethon-0.18.0/lib/ethon/curl.rb
medium	Remote Payload	matched "Curl\n " · vendor/bundle/ruby/3.2.0/gems/ethon-0.18.0/lib/ethon/curls/classes.rb
medium	Remote Payload	matched "Curl\n " · vendor/bundle/ruby/3.2.0/gems/ethon-0.18.0/lib/ethon/curls/constants.rb
medium	Remote Payload	matched "Curl\n " · vendor/bundle/ruby/3.2.0/gems/ethon-0.18.0/lib/ethon/curls/settings.rb
medium	Remote Payload	matched "curl " · vendor/bundle/ruby/3.2.0/gems/typhoeus-1.6.0/typhoeus.gemspec
medium	Remote Payload	matched "curl " · vendor/bundle/ruby/3.2.0/specifications/ethon-0.18.0.gemspec

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.22.53`	Low risk	0	2026-06-17
`1.22.52`	Low risk	0	2026-06-16
`1.22.51`	Low risk	0	2026-06-12
`1.22.50`	Low risk	0	2026-06-11
`1.22.49`	Low risk	0	2026-06-10
`1.22.48`	Low risk	0	2026-06-05
`1.22.47`	Low risk	0	2026-06-03
`1.22.46`	Low risk	0	2026-06-03
`1.22.45`	Low risk	0	2026-06-03
`1.22.44`	Low risk	0	2026-06-03
`1.22.43`	Review	72	2026-05-29

Block this in CI

PkgRadar gates ory-client (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem rubygems [email protected]

Start free — 25 scans / mo View full evidence