CVE-2018-3779

描述

The `active-support` ruby gem gem is malware and duplicates the official `activesupport` (no hyphen) gem, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain (29faea63.planfhntage.de), downloads a payload, and executes. This trojan horse gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. No version of this gem should be considered safe.

如何修補 CVE-2018-3779

目前尚未發布修補版本。可考慮移除受影響套件,或參考下方連結中的上游建議。

• —未列出修補版本

CVE-2018-3779 正在被利用嗎?

中等 — EPSS 為 6.1%,可持續追蹤但非最高優先。

受影響套件(1)

• from 0

參考連結(3)

• ADVISORYgithub.com/advisories/GHSA-2j55-pcw5-x4h2
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-3779
• WEBhackerone.com/reports/392311