CVE-2019-14281

The datagrid gem 1.0.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
Configurations

Configuration 1 (hide)

cpe:2.3:a:datagrid_project:datagrid:1.0.6:*:*:*:*:ruby:*:*

History

21 Nov 2024, 04:26

Type Values Removed Values Added
References () https://github.com/rubygems/rubygems.org/issues/2072 - Third Party Advisory () https://github.com/rubygems/rubygems.org/issues/2072 - Third Party Advisory
References () https://rubygems.org/gems/datagrid/versions - Third Party Advisory () https://rubygems.org/gems/datagrid/versions - Third Party Advisory
References () https://snyk.io/vuln/SNYK-RUBY-DATAGRID-455500 - () https://snyk.io/vuln/SNYK-RUBY-DATAGRID-455500 -

Information

Published : 2019-07-26 05:15

Updated : 2024-11-21 04:26


NVD link : CVE-2019-14281

Mitre link : CVE-2019-14281

CVE.ORG link : CVE-2019-14281


JSON object : View

Products Affected

datagrid_project

  • datagrid
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')