PT-2019-13583 · Ruby · Simple Captcha2

Published 2019-07-26 · Updated 2019-09-03 · CVE-2019-14282

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

simple captcha2 gem version 0.2.3

Description

A third party inserted a code-execution backdoor into the simple captcha2 gem for Ruby. The backdoor allows code execution.

Recommendations

For simple captcha2 gem version 0.2.3, consider removing or replacing the gem to prevent potential code execution through the backdoor. As a temporary workaround, restrict access to any applications using this gem until a secure version is available.

Exploit

Fix

Code Injection

Weakness Enumeration

Related identifiers

CVE-2019-14282
GHSA-WG6J-R28M-7293
SNYK-RUBY-SIMPLECAPTCHA2-455501

Affected products

Simple Captcha2