exploitDog

CVE-2019-14281

Опубликовано: 26 июл. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

Ссылки

https://github.com/rubygems/rubygems.org/issues/2072
Third Party Advisory
https://rubygems.org/gems/datagrid/versions
Third Party Advisory
https://snyk.io/vuln/SNYK-RUBY-DATAGRID-455500
https://github.com/rubygems/rubygems.org/issues/2072
Third Party Advisory
https://rubygems.org/gems/datagrid/versions
Third Party Advisory
https://snyk.io/vuln/SNYK-RUBY-DATAGRID-455500

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:datagrid_project:datagrid:1.0.6:*:*:*:*:ruby:*:*

EPSS

Процентиль: 79%

0.01216

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-rqp5-pg7w-832p

CVSS3: 9.8

github

больше 6 лет назад

datagrid contains code Injection backdoor

EPSS

Процентиль: 79%

0.01216

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94