Sha256: 1f330bc2a3ff187b734076baf547ab6987067090611fd46df24180ea5ffcb0bb

Contents?: true

Size: 604 Bytes

Versions: 1

Compression:

Stored size: 604 Bytes

Contents

---
gem: strong_password
cve: 2019-13354
url: https://withatwist.dev/strong-password-rubygem-hijacked.html
title: strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
date: 2019-07-05

description: |
  The `strong_password` gem on RubyGems.org was hijacked by a malicious actor. The
  malicious actor published v0.0.7 containing malicious code that enables an attacker
  to execute remote code in production.

  Upgrade `strong_password` to v0.0.8 to ensure no malicious code execution is possible.

patched_versions:
  - ">= 0.0.8"

unaffected_versions:
  - "!= 0.0.7"

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/strong_password/CVE-2019-13354.yml