RubySec

Providing security resources for the Ruby community

CVE-2019-14281 (datagrid): Code execution backdoor in datagrid

ADVISORIES

GEM

datagrid

SEVERITY

CVSS v3: 9.8

UNAFFECTED VERSIONS

  • < 1.0.6
  • > 1.0.6

PATCHED VERSIONS

None.

DESCRIPTION

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.