Vulnerability Details CVE-2019-14282
The simple_captcha2 gem 0.2.3 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/rubygems/rubygems.org/issues/2073
- https://rubygems.org/gems/simple_captcha2/versions/
- https://snyk.io/vuln/SNYK-RUBY-SIMPLECAPTCHA2-455501
- https://github.com/rubygems/rubygems.org/issues/2073
- https://rubygems.org/gems/simple_captcha2/versions/
- https://snyk.io/vuln/SNYK-RUBY-SIMPLECAPTCHA2-455501
Products affected by CVE-2019-14282
-
cpe:2.3:a:simple_captcha2_project:simple_captcha2:0.2.3