all 1 comments

[–]cyber_burn[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

i was a minor version and a couple of builds away from getting rekt by this one.

looks like a dev account was compromised, and there was code added to the gem that would allow malicious code to be sent through the http-cookie header and executed on the server with eval.