PT-2019-13440 · Ruby · Paranoid2

Published 2019-07-14 · Updated 2020-08-24 · CVE-2019-13589

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
paranoid2 gem version 1.1.6

Description
The issue concerns a code-execution backdoor inserted by a third party into the paranoid2 gem for Ruby. This backdoor was present in the version distributed on RubyGems.org.

Recommendations
For version 1.1.6, downgrade to version 1.1.5 to remove the backdoor.
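
One way to check whether a project resolved the affected release, as an added example that is not part of this advisory or of the paranoid2 project: it reads the resolved versions from Gemfile.lock text and flags paranoid2 1.1.6. The sample lockfile, the helper names and every gem other than paranoid2 are constructed for illustration.

```ruby
# Added example (not from the advisory): find backdoored paranoid2 in Gemfile.lock.
AFFECTED = { "paranoid2" => ["1.1.6"] }.freeze # gem and version named on this page

# Constructed sample lockfile; every gem other than paranoid2 is made up.
SAMPLE_LOCK = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    example_engine (0.1.0)
      paranoid2 (>= 1.1)
    paranoid2 (1.1.6)
      example_orm (>= 4.0)
    example_orm (4.2.0-java)

PLATFORMS
  ruby

DEPENDENCIES
  example_engine
LOCK

# Resolved gems are the lines indented exactly four spaces under "specs:";
# six-space lines are dependency constraints and are not installed versions.
def resolved_gems(lock_text)
  gems = []
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line.match?(/\A  specs:\s*\z/)
      in_specs = true
    elsif line.strip.empty? || line.match?(/\A\S/)
      in_specs = false
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\z/))
      gems << [m[1], m[2][/\A[^-]+/]] # drop a platform suffix such as "-java"
    end
  end
  gems
end

# Returns the [name, version] pairs that match the affected release.
def affected_gems(lock_text)
  resolved_gems(lock_text).select { |name, ver| AFFECTED.fetch(name, []).include?(ver) }
end

# Usage: ruby check_paranoid2.rb path/to/Gemfile.lock [more lockfiles...]
ARGV.select { |path| File.file?(path) }.each do |path|
  affected_gems(File.read(path)).each do |name, ver|
    warn "#{path}: #{name} #{ver} is the backdoored release; downgrade to 1.1.5"
  end
end
```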

Related Identifiers

CVE-2019-13589
GHSA-4G4C-8GQH-M4VM
SNYK-RUBY-PARANOID2-451600

Affected Products

Paranoid2