Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive


---
gem: cron_parser
date: 2019-08-20
url: https://github.com/rubygems.org/issues/2097
cve: 2019-15224
title: Code execution backdoor in cron_parser
description: |
  The cron_parser gem versions 0.1.4, 1.0.12, and 1.0.13, as distributed on RubyGems.org,
  included a code-execution backdoor inserted by a third party.

  No unaffected version is known to exist, as the gem appears to have been entirely removed.
unaffected_versions:
- "< 1.0.12"
- "> 1.0.13"
- "< 0.1.4"
- "> 0.1.4"
related:
  url:
  - https://github.com/rubygems/rubygems.org/wiki/Gems-yanked-and-accounts-locked#19-aug-2019