Lucene search
MitreCVELIST:CVE-2019-10842HistoryApr 04, 2019 - 3:46 a.m.
CVE-2019-10842
2019-04-0403:46:37
mitre
www.cve.org
5
Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be leveraged to execute arbitrary code on the target system. Note that there are three underscore characters in the cookie name. This is unrelated to the __cfduid cookie that is legitimately used by Cloudflare.
Related
nvd
nvd
CVE-2019-10842
2019-04-04 04:29:00
rubygems
rubygems
Remote code execution in bootstrap-sass
2019-04-03 21:00:00
veracode
veracode
Malicious Package
2019-04-04 18:26:51
redhatcve
redhatcve
CVE-2019-10842
2019-04-09 13:50:19
ubuntucve
ubuntucve
CVE-2019-10842
2019-04-04 00:00:00
prion
prion
Code injection
2019-04-04 04:29:00
osv
osv
Bootstrap-sass contains code execution backdoor
2019-04-04 16:28:47
cve
cve
CVE-2019-10842
2019-04-04 04:29:00
github
github
Bootstrap-sass contains code execution backdoor
2019-04-04 16:28:47