RubySec

Providing security resources for the Ruby community

CVE-2019-13589 (paranoid2): Code backdoor in paranoid2

GEM

paranoid2

SEVERITY

CVSS v3.x: 9.8 (Critical)

UNAFFECTED VERSIONS

  • > 1.1.6
  • < 1.1.6

PATCHED VERSIONS

None.

DESCRIPTION

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

The current version, without this backdoor, is 1.1.5.