Code backdoor in simple_captcha2

2019-07-3104:21:19

Google

osv.dev

0.009 Low

EPSS

Percentile

83.0%

The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.

CPENameOperatorVersion
simple_captcha2eq0.2.3

CPE	Name	Operator	Version
	simple_captcha2	eq	0.2.3

References

github.com/pludoni/simple-captcha

github.com/rubygems/rubygems.org/issues/2073

github.com/rubysec/ruby-advisory-db/blob/master/gems/simple_captcha2/CVE-2019-14282.yml

nvd.nist.gov/vuln/detail/CVE-2019-14282

rubygems.org/gems/simple_captcha2/versions

security.snyk.io/vuln/SNYK-RUBY-SIMPLECAPTCHA2-455501

0.009 Low

EPSS

Percentile

83.0%

Related for OSV:GHSA-WG6J-R28M-7293