CVE-2019-17268 Information
Feb 14, 2021
cve
Description
The omniauth-weibo-oauth2 gem 0.4.6 for Ruby as distributed on RubyGems.org included a code-execution backdoor inserted by a third party. Versions through 0.4.5 and 0.5.1 and later are unaffected.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://diff.coditsu.io/diffs/09a05c37-1b34-49e1-ac94-d4dda40d1ad1d2h-971595 https://github.com/beenhero/omniauth-weibo-oauth2/issues/36
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: