Code backdoor in simple_captcha2
Published: July 31, 2019
SECURITY IDENTIFIERS
- CVE: CVE-2019-14282 (NVD)
- GHSA: GHSA-wg6j-r28m-7293
- Vendor Advisory: https://github.com/rubygems/rubygems.org/issues/2073
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
UNAFFECTED VERSIONS
< 0.2.3
> 0.2.3
PATCHED VERSIONS
None available.
DESCRIPTION
The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.