Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12cjIyLTQzZ2otcngzZs4AAjgN

omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party

The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions through 0.4.5, and 0.5.1 and later, are unaffected.

Permalink: https://github.com/advisories/GHSA-vr22-43gj-rx3f
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12cjIyLTQzZ2otcngzZs4AAjgN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago


CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-vr22-43gj-rx3f, CVE-2019-17268
References: Repository: https://github.com/beenhero/omniauth-weibo-oauth2

Affected Packages

rubygems:omniauth-weibo-oauth2
Dependent packages: 0
Dependent repositories: 322
Downloads: 536,777 total
Affected Version Ranges: >= 0.4.6, < 0.5.1
Fixed in: 0.5.1
All affected versions:
All unaffected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.5.1, 0.5.2