Backdoor code was found added in a popular Ruby library used for frontend user interfaces inside Ruby and Ruby on Rails applications. The malicious code was removed via a library update.
The library affected by this incident is Bootstrap-Sass, a Ruby package that provides developers with a Sass-version of Bootstrap, the most popular UI framework for developers today.
The backdoor’s existence came to light on March 27, last week, when software developer Derek Barnes spotted that someone had removed a version of the library (Bootstrap-Sass v3.2.0.2) and immediately released a new version, moments later, v3.2.0.3.
Read more…
Source: ZDNet