RubySec

Providing security resources for the Ruby community

CVE-2019-14281 (datagrid): Code execution backdoor in datagrid

ADVISORIES

GEM

datagrid

SEVERITY

CVSS v3.x: 9.8 (Critical)

UNAFFECTED VERSIONS

  • < 1.0.6
  • > 1.0.6

PATCHED VERSIONS

None.

DESCRIPTION

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories