PT-2019-14021 · Ruby · Rest-Client

Juskoljo · Published 2019-08-19 · Updated 2021-02-23 · CVE-2019-15224

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
rest-client versions 1.6.10 through 1.6.13
lita-coin version 0.0.3

Description
The rest-client gem for Ruby included a code-execution backdoor inserted by a third party, which allowed the execution of malicious commands and sent information to an external host. The backdoor was inserted after the developer's account on the rubygems.org repository was compromised. Approximately 1,000 users downloaded the affected versions before they were blocked; the rest-client gem has been downloaded 113 million times in total. Additionally, lita-coin contains a backdoor mechanism that allows launching hidden cryptocurrency mining operations and executing malicious commands.

Recommendations
For rest-client versions 1.6.10 through 1.6.13, downgrade to version 1.6.9 or upgrade to version 1.7.x. For lita-coin version 0.0.3, there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider disabling the backdoor mechanism until a patch is available. Restrict access to the affected gem to minimize the risk of exploitation, and avoid using the affected gem in production environments until the issue is resolved.
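The first step of the recommendations above is knowing whether a project resolved one of the listed versions. The following Ruby script is an added example, not part of this advisory or of the rest-client or lita-coin projects: it parses the resolved-gem lines of a Gemfile.lock and flags rest-client 1.6.10 through 1.6.13 and lita-coin 0.0.3 using the RubyGems version classes. The Gemfile.lock content embedded in it is constructed sample input.

```ruby
# Added example (not advisory or project code): flag the gem versions this
# advisory lists as backdoored in a Gemfile.lock. Version ranges come from the
# advisory; the lockfile text below is a constructed sample.
require 'rubygems'

# Affected ranges from the advisory, as RubyGems requirements.
AFFECTED = {
  'rest-client' => Gem::Requirement.new('>= 1.6.10', '<= 1.6.13'),
  'lita-coin'   => Gem::Requirement.new('= 0.0.3'),
}.freeze

# Resolved gems appear under GEM/specs as "    name (version)" with a
# four-space indent; dependency lines are indented further and carry a
# requirement such as "(>= 1.16, < 4.0)" rather than an exact version.
SPEC_LINE = /\A {4}(?<name>\S+) \((?<version>[^)\s]+)\)\z/

# Returns [[name, version], ...] for every resolved gem in the lockfile text.
def resolved_gems(lockfile_text)
  lockfile_text.each_line.filter_map do |line|
    m = SPEC_LINE.match(line.chomp)
    [m[:name], m[:version]] if m
  end
end

# Returns the resolved gems whose version falls inside an affected range.
def affected_gems(lockfile_text)
  resolved_gems(lockfile_text).select do |name, version|
    req = AFFECTED[name]
    next false unless req
    # Gem::Version understands prerelease/platform suffixes; skip anything
    # it cannot parse rather than raising on a hand-edited lockfile.
    Gem::Version.correct?(version) && req.satisfied_by?(Gem::Version.new(version))
  end
end

# Constructed sample lockfile: one safe gem, one affected rest-client, and
# the affected lita-coin release.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mime-types (3.3)
      netrc (0.11.0)
      rest-client (1.6.13)
        mime-types (>= 1.16, < 4.0)
        netrc (~> 0.8)
      lita-coin (0.0.3)

  PLATFORMS
    ruby
LOCK

if __FILE__ == $PROGRAM_NAME
  hits = affected_gems(SAMPLE_LOCK)
  if hits.empty?
    puts 'no affected gem versions found'
  else
    # In CI this is where a build would be failed.
    hits.each { |name, version| puts "AFFECTED: #{name} #{version}" }
  end
end
```

Run it against a real lockfile with `affected_gems(File.read('Gemfile.lock'))`. Matching on the resolved `specs:` lines rather than on the Gemfile is deliberate: a Gemfile constraint such as `~> 1.6` says nothing about which release Bundler actually picked, while the lockfile records the exact version that would be installed.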

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2019-15224
GHSA-333G-RPR4-7HXQ
GHSA-Q2HM-GX3F-H63Q

Affected Products

Rest-Client