---
gem: coin_base
cve: 2019-15224
ghsa: 333g-rpr4-7hxq
url: https://github.com/rubygems.org/issues/2097
date: 2019-08-20
title: Code execution backdoor in coin_base
description: |
  The coin_base gem 4.2.1 through 4.2.2 for Ruby, as distributed on RubyGems.org, included a
  code-execution backdoor inserted by a third party.

  No unaffected version is known to exist, as the gem appears to have been entirely removed.
unaffected_versions:
  - "< 4.2.1"
  - "> 4.2.2"
related:
  url:
    - https://github.com/rubygems/rubygems.org/wiki/Gems-yanked-and-accounts-locked#19-aug-2019