Critical severityNVD Advisory· Published Aug 19, 2019· Updated Aug 5, 2024
CVE-2019-15224
CVE-2019-15224
Description
The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rest-clientRubyGems | >= 1.6.10, < 1.7.0 | 1.7.0 |
cron_parserRubyGems | >= 1.0.13, <= 1.0.14 | — |
coin_baseRubyGems | >= 0 | — |
blockchain_walletRubyGems | >= 0 | — |
awesome-botRubyGems | >= 0 | — |
doge-coinRubyGems | >= 0 | — |
capistrano-colorsRubyGems | >= 0 | — |
bitcoin_vanityRubyGems | >= 0 | — |
coming-soonRubyGems | >= 0 | — |
omniauth_amazonRubyGems | >= 0 | — |
Affected products
11- Ruby/rest-clientdescription
- ghsa-coords10 versionspkg:gem/awesome-botpkg:gem/bitcoin_vanitypkg:gem/blockchain_walletpkg:gem/capistrano-colorspkg:gem/coin_basepkg:gem/coming-soonpkg:gem/cron_parserpkg:gem/doge-coinpkg:gem/omniauth_amazonpkg:gem/rest-client
>= 0+ 9 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 1.0.13, <= 1.0.14
- (no CPE)range: >= 0
- (no CPE)range: >= 0
- (no CPE)range: >= 1.6.10, < 1.7.0
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-333g-rpr4-7hxqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-15224ghsaADVISORY
- github.com/rest-client/rest-client/issues/713ghsax_refsource_MISCWEB
- github.com/rubygems/rubygems.org/issues/2097ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/blockchain_wallet/CVE-2019-15224.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/coin_base/CVE-2019-15224.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/doge-coin/CVE-2019-15224.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/lita_coin/CVE-2019-15224.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/omniauth_amazon/CVE-2019-15224.ymlghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rest-client/CVE-2019-15224.ymlghsaWEB
- rubygems.org/gems/rest-client/versions/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.