Remote code execution in bootstrap-sass 3.2.0.3 - Vulnerability Database

Description

bootstrap-sass is a Ruby gem, the official Sass port of Bootstrap 2 and 3. On March 26, 2019, a malicious version (version 3.2.0.3) of this gem was published to the official RubyGems repository. This modified gem includes a stealthy backdoor that gives attackers remote command execution on server-side Rails applications.

Remediation

Upgrade to the latest version of this Ruby gem (this issue was fixed in version 3.2.0.4).
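
To check whether an application is pinned to the backdoored release before upgrading, the following added example (not part of the original advisory or of the bootstrap-sass project) scans the text of a Gemfile.lock for a resolved bootstrap-sass 3.2.0.3. The sample lockfile, constant names and function names are constructed for illustration.

```ruby
# Added example: flag a Gemfile.lock that resolves bootstrap-sass to the
# backdoored release named in this advisory. Names below are illustrative.
COMPROMISED_GEM     = "bootstrap-sass"
COMPROMISED_VERSION = "3.2.0.3" # malicious release, per the advisory
FIXED_VERSION       = "3.2.0.4" # fixed release, per the advisory

# Resolved gems sit at exactly four spaces of indent under "specs:".
# Six-space lines are dependency constraints of the gem above them, and
# DEPENDENCIES entries (two spaces) are requirements, not resolved versions.
SPEC_LINE = /\A {4}(\S+) \(([^)\s]+)\)\s*\z/

# Constructed sample lockfile, not taken from a real application.
SAMPLE_LOCKFILE = <<'LOCK'
GEM
  remote: https://rubygems.org/
  specs:
    bootstrap-sass (3.2.0.3)
      sass (~> 3.2)
    sass (3.7.4)

DEPENDENCIES
  bootstrap-sass (~> 3.2.0)
LOCK

# Return every version the lockfile resolves gem_name to (GEM, GIT, PATH).
def resolved_versions(lockfile_text, gem_name)
  in_specs = false
  versions = []
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A\S/                 # new top-level section header
      in_specs = false
    elsif line =~ /\A  specs:\s*\z/   # start of a resolved-spec list
      in_specs = true
    elsif in_specs && (m = SPEC_LINE.match(line)) && m[1] == gem_name
      versions << m[2]
    end
  end
  versions
end

# :compromised, :ok, or :not_present for the gem named in the advisory.
def audit_lockfile(lockfile_text)
  versions = resolved_versions(lockfile_text, COMPROMISED_GEM)
  return :not_present if versions.empty?
  versions.include?(COMPROMISED_VERSION) ? :compromised : :ok
end

text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
puts "#{COMPROMISED_GEM}: #{audit_lockfile(text)} (fixed in #{FIXED_VERSION})"
```

Pass the path to a Gemfile.lock as the first argument to audit a real project; with no argument the script runs against the constructed sample.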
