CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-13589

The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.062

EPSS Ranking 90.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/109281
https://github.com/rubygems/rubygems.org/issues/2051
https://rubygems.org/gems/paranoid2/versions
https://snyk.io/vuln/SNYK-RUBY-PARANOID2-451600
http://www.securityfocus.com/bid/109281
https://github.com/rubygems/rubygems.org/issues/2051
https://rubygems.org/gems/paranoid2/versions
https://snyk.io/vuln/SNYK-RUBY-PARANOID2-451600

Products affected by CVE-2019-13589

Anjlab » Paranoid2 » Version: 1.1.6

cpe:2.3:a:anjlab:paranoid2:1.1.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13589

Products

Pricing

Contact Us