6 matches found
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Version 0.0.8 does not contain the backdoor...
CVE-2019-13354
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6...
CVE-2019-13354
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6...
CVE-2019-13354
CVE-2019-13354 concerns the Ruby gem strong_password; the 0.0.7 release on RubyGems.org was hijacked to include a backdoor enabling remote code execution. The malicious package allowed code execution if exploited, with fixes deployed in 0.0.8 (per multiple sources). Public references consistentl...
Malicious Package
strong_password v0.0.7 is a malicious package. The vulnerability exists as it hides a remote code execution exploit in this version of the gem. The package contents from https://pastebin.com/raw/xa456PFt would then be executed...
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
The strong_password gem on RubyGems.org was hijacked by a malicious actor. The malicious actor published v0.0.7 containing malicious code that enables an attacker to execute remote code in production. Upgrade strong_password to v0.0.8 to ensure no malicious code execution is possible...