PT-2019-13583 · Ruby · Simple Captcha2

Published: 2019-07-26 · Updated: 2019-09-03 · CVE-2019-14282

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: simple captcha2 gem version 0.2.3

Description: A third party inserted a backdoor into the simple captcha2 gem for Ruby. The backdoor allows code execution.

Recommendations: If you use simple captcha2 gem version 0.2.3, consider removing or replacing the gem to prevent code execution through the backdoor. As a temporary workaround, restrict access to any applications using this gem until a secure version is available.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2019-14282
GHSA-WG6J-R28M-7293
SNYK-RUBY-SIMPLECAPTCHA2-455501

Affected Products

Simple Captcha2