Vulnerabilities > CVE-2019-13589 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Anjlab Paranoid2 1.1.6
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/109281
- http://www.securityfocus.com/bid/109281
- https://github.com/rubygems/rubygems.org/issues/2051
- https://github.com/rubygems/rubygems.org/issues/2051
- https://rubygems.org/gems/paranoid2/versions
- https://rubygems.org/gems/paranoid2/versions
- https://snyk.io/vuln/SNYK-RUBY-PARANOID2-451600
- https://snyk.io/vuln/SNYK-RUBY-PARANOID2-451600