Code execution backdoor in omniauth_amazon
Published: August 20, 2019
SECURITY IDENTIFIERS
- CVE: CVE-2019-15224 (NVD)
- GHSA: GHSA-333g-rpr4-7hxq
- Vendor Advisory: https://github.com/rubygems.org/issues/2097
GEM
omniauth_amazon
SEVERITY
CVSS v3.x: 9.8 (Critical)
UNAFFECTED VERSIONS
< 1.0.1
> 1.0.1
PATCHED VERSIONS
None available.
DESCRIPTION
The omniauth_amazon gem 1.0.1 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
Users of the affected version should consider downgrading to the last non-affected version before 1.0.1.
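
A check for the affected release in a project's `Gemfile.lock`, as an added example that is not part of the original advisory. The sample lockfile is constructed and the helper names (`resolved_specs`, `backdoored_entries`) are hypothetical.

```ruby
require "rubygems"

# Affected release as stated in the advisory above.
AFFECTED_GEM = "omniauth_amazon"
AFFECTED_REQUIREMENT = Gem::Requirement.new("= 1.0.1")

# Returns [[name, Gem::Version], ...] for every resolved gem in a Gemfile.lock.
def resolved_specs(lockfile_text)
  specs = []
  in_specs = false
  lockfile_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # a blank line or a new top-level section ends the list
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)\s-]+)(?:-[^)]*)?\)\z/))
      # Four spaces = resolved gem (platform suffix dropped);
      # six spaces = that gem's dependency constraints, which are skipped.
      specs << [m[1], Gem::Version.new(m[2])]
    end
  end
  specs
end

# Resolved entries that match the backdoored release.
def backdoored_entries(lockfile_text)
  resolved_specs(lockfile_text).select do |name, version|
    name == AFFECTED_GEM && AFFECTED_REQUIREMENT.satisfied_by?(version)
  end
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    omniauth (1.9.0)
    omniauth_amazon (1.0.1)
      omniauth (~> 1.0)

PLATFORMS
  ruby
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  backdoored_entries(text).each { |name, version| puts "AFFECTED: #{name} #{version}" }
end
```

Pass the path to a real `Gemfile.lock` as the first argument to scan it instead of the sample.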
