Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:13593
HistoryApr 04, 2019 - 6:26 p.m.

Malicious Package

2019-04-0418:26:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

EPSS

0.461

Percentile

97.5%

JSON

bootstrap-sass, version 3.2.0.3, is a malicious package. The vulnerability exists through a backdoor in lib/active-controller/middleware.rb in the value of the malicious ___cfduid cookie that is used in the eval function, causing arbitrary code execution attacks.

Related

nvd 1
redhatcve 1
ubuntucve 1
rubygems 1
prion 1
osv 1
cvelist 1
cve 1
github 1
nvd
nvd
CVE-2019-10842
2019-04-04 04:29:00
redhatcve
redhatcve
CVE-2019-10842
2019-04-09 13:50:19
ubuntucve
ubuntucve
CVE-2019-10842
2019-04-04 00:00:00
rubygems
rubygems
Remote code execution in bootstrap-sass
2019-04-03 21:00:00
prion
prion
Code injection
2019-04-04 04:29:00
osv
osv
Bootstrap-sass contains code execution backdoor
2019-04-04 16:28:47
cvelist
cvelist
CVE-2019-10842
2019-04-04 03:46:37
cve
cve
CVE-2019-10842
2019-04-04 04:29:00
github
github
Bootstrap-sass contains code execution backdoor
2019-04-04 16:28:47

EPSS

0.461

Percentile

97.5%

JSON
Related for VERACODE:13593
nvd1redhatcve1ubuntucve1rubygems1prion1osv1cvelist1cve1github1