Описание
The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.
Ссылки
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingThird Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitIssue TrackingThird Party Advisory
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:anjlab:paranoid2:1.1.6:*:*:*:*:ruby:*:*
EPSS
Процентиль: 91%
0.06233
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-829
Связанные уязвимости
EPSS
Процентиль: 91%
0.06233
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-829