CVE-2019-15224

CRITICAL

Rest-client < 1.6.13 - Code Injection

Title source: rule

Description

The rest-client gem 1.6.10 through 1.6.13 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Versions <=1.6.9 and >=1.6.14 are unaffected.

Exploits (1)

nomisec SCANNER 1 stars
by chef-cft · poc
https://github.com/chef-cft/inspec_cve_2019_15224

Scores

CVSS v3 9.8
EPSS 0.0216
EPSS Percentile 84.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (11)
rest-client_project/rest-client 1.6.10 - 1.6.13
rubygems/awesome-bot 0 RubyGems
rubygems/bitcoin_vanity 0 RubyGems
rubygems/blockchain_wallet 0 RubyGems
rubygems/capistrano-colors 0 RubyGems
rubygems/coin_base 0 RubyGems
rubygems/coming-soon 0 RubyGems
rubygems/cron_parser 1.0.13 RubyGems
rubygems/doge-coin 0 RubyGems
rubygems/omniauth_amazon 0 RubyGems
... and 1 more
Published Aug 19, 2019
Tracked Since Feb 18, 2026