RubySec

Providing security resources for the Ruby community

CVE-2019-14282 (simple_captcha2): Code backdoor in simple_captcha2

GEM

simple_captcha2

SEVERITY

CVSS v3.x: 9.8 (Critical)

UNAFFECTED VERSIONS

  • < 0.2.3
  • > 0.2.3

PATCHED VERSIONS

None.

DESCRIPTION

The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
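
A defender's check for this advisory, as an added example (not code from RubySec or from the gem): it scans a `Gemfile.lock` for a resolved `simple_captcha2 0.2.3` and ignores dependency constraint lines that merely mention the gem. The sample lockfile is constructed, `hypothetical_engine` is a made-up gem name, and the parser assumes Bundler's standard lockfile indentation.

```ruby
# Added example: flag the backdoored simple_captcha2 release in a Gemfile.lock.
require "rubygems" # Gem::Version / Gem::Requirement (normally already loaded)

# From the advisory: only 0.2.3 is affected; < 0.2.3 and > 0.2.3 are not.
AFFECTED = { "simple_captcha2" => Gem::Requirement.new("= 0.2.3") }.freeze

# Constructed sample lockfile (hypothetical_engine is a made-up gem).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      hypothetical_engine (1.0.0)
        simple_captcha2 (~> 0.2)
      rake (12.3.2)
      simple_captcha2 (0.2.3)

  PLATFORMS
    ruby

  DEPENDENCIES
    hypothetical_engine
LOCK

# Returns [[name, version, section], ...] for resolved specs that match.
def affected_specs(lockfile_text, affected = AFFECTED)
  hits = []
  section = nil
  in_specs = false
  lockfile_text.each_line do |line|
    line = line.chomp
    if line =~ /\A[A-Z][A-Z ]*\z/ # section header: GEM, GIT, PATH, PLATFORMS...
      section = line
      in_specs = false
    elsif line =~ /\A  specs:\z/
      in_specs = true
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\z/))
      # Four spaces = resolved gem; six spaces = a constraint, which is skipped.
      name, version = m[1], m[2].split("-").first # drop platform suffix
      req = affected[name]
      next unless req && Gem::Version.correct?(version)
      hits << [name, version, section] if req.satisfied_by?(Gem::Version.new(version))
    end
  end
  hits
end

affected_specs(SAMPLE_LOCK).each { |n, v, s| puts "AFFECTED: #{n} #{v} (#{s} section)" }
```

To scan a real project, pass `File.read("Gemfile.lock")` to `affected_specs`; a non-empty result means the lockfile pins the affected release.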