PT-2020-9886 · Rubygems · Omniauth-Weibo-Oauth2

Mensfeld · Published 2020-02-07 · Updated 2022-05-24 · CVE-2019-17268

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

omniauth-weibo-oauth2 gem version 0.4.6

Description

The issue concerns a code-execution backdoor inserted by a third party into the omniauth-weibo-oauth2 gem for Ruby.

Recommendations

For version 0.4.6, update to a version outside the affected range, such as 0.4.5 or 0.5.1 and later, to resolve the issue.
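
A check for the recommendation above, as an added example (not part of the original advisory or of the gem's code): it reads a Gemfile.lock and reports whether omniauth-weibo-oauth2 resolves to 0.4.6. The two sample lockfiles and the `example_sso_wrapper` gem name are constructed for illustration.

```ruby
# Added example: report lockfiles that pin the release named in this advisory.
AFFECTED_GEM = "omniauth-weibo-oauth2"
AFFECTED_VERSIONS = ["0.4.6"].freeze # affected version as listed in the advisory

# A resolved gem in Gemfile.lock is indented exactly four spaces: "    name (version)".
# Dependency constraints sit at six spaces, so the anchored pattern skips them.
SPEC_LINE = /\A {4}(?<name>[A-Za-z0-9_.\-]+) \((?<version>[^)]+)\)\s*\z/

# Returns every resolved version of gem_name found in the lockfile text.
def locked_versions(lockfile_text, gem_name)
  lockfile_text.each_line.map do |line|
    m = SPEC_LINE.match(line.chomp)
    next unless m && m[:name] == gem_name
    m[:version][/\A[^-]+/] # drop a platform suffix such as "-java"
  end.compact
end

# Returns the affected versions this lockfile resolves to (empty when clean).
def affected_pins(lockfile_text)
  locked_versions(lockfile_text, AFFECTED_GEM) & AFFECTED_VERSIONS
end

# Constructed sample: the gem resolves to the affected release.
BACKDOORED_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      omniauth (1.9.0)
      omniauth-weibo-oauth2 (0.4.6)
        omniauth (~> 1.5)
LOCK

# Constructed sample: 0.4.6 appears only inside a dependency constraint,
# while the resolved version is outside the affected range.
CLEAN_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example_sso_wrapper (1.0.0)
        omniauth-weibo-oauth2 (>= 0.4.6)
      omniauth-weibo-oauth2 (0.5.1)
LOCK

# Command-line use: pass one or more lockfile paths; exits 1 if any is affected.
if __FILE__ == $PROGRAM_NAME
  hits = ARGV.select { |path| affected_pins(File.read(path)).any? }
  hits.each { |path| puts "#{path}: #{AFFECTED_GEM} #{AFFECTED_VERSIONS.join(', ')} is locked" }
  exit 1 unless hits.empty?
end
```

A clean lockfile only shows what the next install will resolve to; hosts that already installed 0.4.6 still have the backdoored code on disk until the gem is removed.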

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2019-17268
GHSA-VR22-43GJ-RX3F

Affected Products

Omniauth-Weibo-Oauth2