The `active-support` ruby gem gem is malware and duplicates the official `activesupport` (no hyphen) gem, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain (29faea63.planfhntage.de), downloads a payload, and executes.

This trojan horse gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. No version of this gem should be considered safe.

Affected Packages

RubyGems active-support

Affected versions: 0

Related CVEs

CVE-2018-3779

Key Information

GHSA ID

GHSA-2j55-pcw5-x4h2

Published

August 13, 2018 3:02 PM

Last Modified

January 18, 2023 9:33 PM

CVSS Score

9.0 /10

Primary Ecosystem

RubyGems

Primary Package

active-support

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 30, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.