Do your applications use this vulnerable package?
6 Jul 2019
3 Jul 2019
How to fix?
strong_password v0.0.7 altogether. Downgrading to v0.0.6 will ensure no malicious code execution is possible.
strong_password is a is an entropy-based password strength checking for Ruby and ActiveModel
This gem was hijacked by a malicious actor, who has published v0.0.7 containing malicious code that enables them to execute remote code in production.