Code execution backdoor in datagrid
Published: July 31, 2019
SECURITY IDENTIFIERS
- CVE: CVE-2019-14281 (NVD)
- GHSA: GHSA-rqp5-pg7w-832p
- Vendor Advisory: https://github.com/rubygems/rubygems.org/issues/2072
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
UNAFFECTED VERSIONS
< 1.0.6
> 1.0.6
PATCHED VERSIONS
None available.
DESCRIPTION
The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.