---
gem: awesome-bot
cve: 2019-15224
ghsa: 333g-rpr4-7hxq
url: https://github.com/rubygems/rubygems.org/issues/2097
date: 2019-08-20
title: Code execution backdoor in awesome-bot
description: |
  The awesome-bot gem 1.18.0 for Ruby, as distributed on RubyGems.org, included a code-execution
  backdoor inserted by a third party.

  Users of an affected version should consider downgrading to the last non-affected version of
  1.17.2 or upgrading to 1.19.x.
unaffected_versions:
  - "< 1.18.0"
  - "> 1.18.0"
related:
  url:
    - https://github.com/rubygems/rubygems.org/wiki/Gems-yanked-and-accounts-locked#19-aug-2019