Bootstrap-Sass Rubygem Hijacked

If not, you should test your application code repository with Snyk, for free, to see whether your application is affected by the malicious version. The backdoor was cleverly hidden in version 3.2.0.3, which was published only to RubyGems; no source for the malicious version existed in the GitHub repository. It allowed remote attackers to dynamically execute code on servers hosting the vulnerable versions. When is imported, it imports the following malicious middleware code that resides on :

If your project is being monitored by Snyk, you will have already been notified by Snyk’s routine alerts, should your application contain this malicious package.
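Because the 3.2.0.3 release existed only on RubyGems and not in the GitHub repository, the resolved versions in `Gemfile.lock` are the place to look for it. The following is an added example, not code from the original article or from Snyk; the names `MALICIOUS` and `compromised_gems` are chosen for this illustration and the lockfile text is constructed sample input.

```ruby
# Added example: flag the backdoored bootstrap-sass release in a Gemfile.lock.
# Denylist holds only the version named on this page.
MALICIOUS = { "bootstrap-sass" => ["3.2.0.3"] }.freeze

# Returns [[name, version], ...] for resolved gems that match the denylist.
# Only 4-space-indented entries under a "specs:" header are resolved versions;
# 6-space entries are dependency constraints and are deliberately skipped.
def compromised_gems(lockfile_text, denylist = MALICIOUS)
  in_specs = false
  hits = []
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # blank line or new top-level section (PLATFORMS, ...)
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      name, version = m[1], m[2]
      # Platform gems look like "1.2.3-x86_64-linux"; compare the base version.
      base = version.split("-").first
      hits << [name, version] if denylist.fetch(name, []).include?(base)
    end
  end
  hits
end

# Constructed sample lockfile (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    bootstrap-sass (3.2.0.3)
      sass (~> 3.2)
    sass (3.7.4)

PLATFORMS
  ruby

DEPENDENCIES
  bootstrap-sass
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  hits = compromised_gems(text)
  hits.each { |name, ver| warn "COMPROMISED: #{name} #{ver}" }
  puts(hits.empty? ? "no denylisted gems resolved" : "#{hits.size} denylisted gem(s) resolved")
end
```

Pass a path to a real `Gemfile.lock` as the first argument to check a project instead of the embedded sample.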

Source: snyk.io