PT-2019-13582 · Ruby · Datagrid Gem

Published: 2019-07-26 · Updated: 2019-09-03 · CVE-2019-14281

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: datagrid gem version 1.0.6

Description: Version 1.0.6 of the datagrid gem contains a code-execution backdoor that was inserted by a third party. The backdoor allows code execution, posing a significant risk.

Recommendations: Avoid using datagrid gem version 1.0.6 until a patched version is available. As a temporary workaround, consider removing or restricting the use of the datagrid gem to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2019-14281
GHSA-RQP5-PG7W-832P
SNYK-RUBY-DATAGRID-455500

Affected Products

Datagrid Gem