CVE-2019-13354

Sažetak

The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6.

Reference

https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-strong_password-0-0-7/
https://github.com/bdmac/strong_password/releases
https://rubygems.org/gems/strong_password/versions
https://withatwist.dev/strong-password-rubygem-hijacked.html

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-07-2019 - 13:10

Objavljeno

08-07-2019 - 14:15