Description
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.
The rest-client rubygem, hosted on rubygems.org, was compromised and released containing malware in versions 1.6.10 to 1.6.13. Applications using these versions of the rest-client rubygem should be considered compromised.
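A check for the affected range against a project's Gemfile.lock, as an added example that is not part of the advisory or of the rest-client project. The helper names and the sample lockfile are constructed for illustration; versions are compared with Gem::Version because a plain string comparison would order 1.6.10 before 1.6.9.

```ruby
# Added example (not from the advisory): find backdoored rest-client
# releases (1.6.10 through 1.6.13) among the resolved specs of a Gemfile.lock.
require "rubygems"

AFFECTED_GEM = "rest-client"
AFFECTED_MIN = Gem::Version.new("1.6.10")
AFFECTED_MAX = Gem::Version.new("1.6.13")

# Resolved gems sit under "  specs:" with exactly four spaces of indent;
# six-space lines are dependency constraints and are skipped.
def locked_specs(lock_text)
  specs = []
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A  specs:\s*\z/)
      in_specs = true
    elsif line.empty? || line.match?(/\A\S/)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}([\w.\-]+) \(([^)]+)\)\z/))
      specs << [m[1], m[2]]
    end
  end
  specs
end

# Returns [name, version] pairs for rest-client entries in the affected range.
def affected_rest_client(lock_text)
  locked_specs(lock_text).select do |name, locked|
    next false unless name == AFFECTED_GEM
    number = locked[/\A\d+(?:\.[0-9A-Za-z]+)*/] # drop any "-platform" suffix
    next false unless number
    Gem::Version.new(number).between?(AFFECTED_MIN, AFFECTED_MAX)
  end
end

# Constructed sample lockfile, not taken from a real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mime-types (1.25.1)
      rest-client (1.6.13)
        mime-types (~> 1.16)

  DEPENDENCIES
    rest-client (~> 1.6.0)
LOCK

affected_rest_client(SAMPLE_LOCK).each do |name, version|
  puts "#{name} #{version} is in the backdoored range"
end
```

Pass the contents of a real lockfile with `affected_rest_client(File.read("Gemfile.lock"))`; a match means the application should be treated as compromised, as the description states.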
Report
OpenShift Container Platform is not vulnerable to this issue as it does not use the affected versions.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-amazon-smartstate | Not affected | | |
| CloudForms Management Engine 5 | cfme-gemset | Not affected | | |
| Red Hat OpenShift Container Platform 3.10 | rubygem-rest-client | Not affected | | |
| Red Hat OpenShift Container Platform 3.11 | rubygem-rest-client | Not affected | | |
| Red Hat OpenShift Container Platform 3.9 | rubygem-rest-client | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-fluentd | Not affected | | |
| Red Hat Satellite 6 | rubygem-rest-client | Not affected | | |
Additional information
Status:
9.8 Critical
CVSS3