CVE-2019-13589

2019-07-1415:03:37

mitre

www.cve.org

AI Score

9.6

Confidence

High

EPSS

0.018

Percentile

88.3%

JSON

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.

References

www.securityfocus.com/bid/109281

github.com/rubygems/rubygems.org/issues/2051

rubygems.org/gems/paranoid2/versions

snyk.io/vuln/SNYK-RUBY-PARANOID2-451600