https://snyk.io/blog/malicious-remote-code-execution-backdoor-discovered-in-the-popular-bootstrap-sass-ruby-gem/
Answers to your questions
Submit link posts as links, not as text posts.
Edit: I’m gonna keep this here for now, since an RCE backdoor is more important than the rules.
Thanks for posting this. Was not aware before.
FYI to anyone, here’s the GitHub issue for this; a kinda interesting discussion ensued there:
https://github.com/twbs/bootstrap-sass/issues/1195#issuecomment-479047836
The fix is in 3.2.0.4, released today, but watch out for any bootstrap-sass 3.2.0.3 versions; they have malware.