CVE-2019-13354

Published 3 months ago
Category: Code Injection
Severity: Critical

Vulnerability in strong_password

The strong_password gem on RubyGems.org was hijacked by a malicious actor. The malicious actor published v0.0.7 containing malicious code that enables an attacker to execute remote code in production.

Downgrade strong_password to v0.0.6 to ensure no malicious code execution is possible.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

>= 0.0.8

Unaffected Versions

!= 0.0.7

References

n/a