Company
Date Published
Author: Liran Tal
Word count: 1109
Language: English
Hacker News points: 147

Summary

The popular Ruby gem `bootstrap-sass` was found to contain a malicious remote code execution backdoor, which has since been discovered and removed from the official RubyGems repository. The backdoor allows attackers to execute arbitrary code on servers running a vulnerable version of the gem, which has been downloaded over 28 million times. The malicious version, 3.2.0.3, was published to the repository with a hidden backdoor that hooks into another Ruby module and modifies it to permit remote code execution. The maintainers of the `bootstrap-sass` project have released a new version, 3.2.0.4, which removes the backdoor without requiring a major version upgrade. Users are advised to replace the vulnerable version with the safe one immediately and to connect their repositories with Snyk so that malicious packages are flagged in the future.