CVE-2018-3779
Description
active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, because the gem contains a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The active-support Ruby gem is a trojan horse that impersonates the legitimate activesupport gem and executes arbitrary code via a downloaded payload.
Vulnerability
The active-support gem (version 5.2.0) is a malicious package that impersonates the legitimate activesupport gem. It contains a compiled extension that resolves a base64-encoded domain (29faea63.planfhntage.de), downloads a payload, and executes it. No version of this gem should be considered safe [1][2].
Exploitation
An attacker can exploit this by tricking a user into installing the active-support gem instead of the legitimate activesupport gem. This could occur via typosquatting or dependency confusion. Once installed, the gem's extension automatically contacts the remote domain, downloads a payload, and executes it without further user interaction [2].
Impact
Successful exploitation allows a remote attacker to execute arbitrary code on the system with the privileges of the Ruby process. This can lead to full compromise of the affected system, including data theft, installation of malware, or further lateral movement [1][2].
Mitigation
There is no patched version because the gem is inherently malicious. Users should ensure they install the legitimate activesupport gem (no hyphen) from trusted sources. Organizations should audit their Gemfile.lock for any occurrence of active-support and remove it immediately. The gem is not listed in the official RubyGems repository as of the advisory date [2].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
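The mitigation above recommends auditing Gemfile.lock for the impostor name. The following is an added example, not code from the advisory or from any project it references: it parses the resolved gems out of a lockfile and flags both the known-malicious name and, more generally, any gem whose name differs from an allow-listed gem only by hyphen or underscore placement. The allow-list (`LEGITIMATE`) and the sample lockfile are constructed assumptions.

```ruby
# Added example (not from the advisory): audit a Gemfile.lock for the malicious
# "active-support" gem that impersonates "activesupport". Only 4-space-indented
# entries under "specs:" are resolved gems; deeper lines are dependency constraints.
SPEC_LINE = /\A {4}(\S+) \(([^)]+)\)\z/

# Names from the advisory; the allow-list is an assumption, extend it for your projects.
KNOWN_MALICIOUS = ["active-support"].freeze
LEGITIMATE      = ["activesupport"].freeze

# Parse the GEM/specs section into { name => version }.
def resolved_gems(lockfile_text)
  gems = {}
  in_specs = false
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line == "  specs:"
      in_specs = true
    elsif line.empty? || line =~ /\A\S/ # blank line or next top-level section
      in_specs = false
    elsif in_specs && (m = SPEC_LINE.match(line))
      gems[m[1]] = m[2]
    end
  end
  gems
end

# Flag known-malicious names and, more generally, any resolved gem that differs
# from an allow-listed name only by hyphen/underscore placement (this CVE's typosquat).
def find_suspicious_gems(lockfile_text, legitimate = LEGITIMATE, malicious = KNOWN_MALICIOUS)
  canonical = legitimate.map { |g| [g.gsub(/[-_]/, ""), g] }.to_h
  resolved_gems(lockfile_text).each_with_object([]) do |(name, version), hits|
    if malicious.include?(name)
      hits << [name, version, "known malicious gem (CVE-2018-3779)"]
    elsif (legit = canonical[name.gsub(/[-_]/, "")]) && legit != name
      hits << [name, version, "lookalike of #{legit}"]
    end
  end
end

# Constructed sample lockfile: the impostor resolved next to the real gem.
SAMPLE_LOCKFILE = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    active-support (5.2.0)
    activesupport (5.2.0)
      concurrent-ruby (~> 1.0, >= 1.0.2)
    concurrent-ruby (1.0.5)
LOCK
```

Run `find_suspicious_gems(File.read("Gemfile.lock"))` against a real lockfile; an empty array means no hit against the advisory name or the allow-list.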
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| active-support (RubyGems) | >= 0 | — |
Affected products
- HackerOne / active-support ruby gem, v5, Range: 5.2.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-2j55-pcw5-x4h2 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2018-3779 (GHSA, advisory)
- hackerone.com/reports/392311 (GHSA, x_refsource_MISC, web)
News mentions
No linked articles in our index yet.