CVE-2019-13354
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
08/07/2019
Last modified:
17/06/2026
Description
The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:strong_password_project:strong_password:0.0.7:*:*:*:*:ruby:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-strong_password-0-0-7/
- https://github.com/bdmac/strong_password/releases
- https://rubygems.org/gems/strong_password/versions
- https://withatwist.dev/strong-password-rubygem-hijacked.html
- https://benjamin-bouchet.com/blog/vulnerabilite-dans-la-gem-strong_password-0-0-7/
- https://github.com/bdmac/strong_password/releases
- https://rubygems.org/gems/strong_password/versions
- https://withatwist.dev/strong-password-rubygem-hijacked.html



