PT-2019-13582 · Ruby · Datagrid Gem

Publicado

2019-07-26

Atualizado

2019-09-03

CVE-2019-14281

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions datagrid gem version 1.0.6

Description The issue concerns a code-execution backdoor that was inserted by a third party into the datagrid gem. This backdoor allows for code execution, posing a significant risk.

Recommendations For datagrid gem version 1.0.6, avoid using this version until a patched version is available. As a temporary workaround, consider removing or restricting the use of the datagrid gem to minimize the risk of exploitation.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2019-14281

GHSA-RQP5-PG7W-832P

SNYK-RUBY-DATAGRID-455500

Produtos afetados

Datagrid Gem

PT-2019-13582 · Ruby · Datagrid Gem

CVE-2019-14281

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7