CVE-2019-17268: Code Injection

February 7, 2020 (updated February 11, 2020)

The omniauth-weibo-oauth2 gem for Ruby included a code-execution backdoor inserted by a third party.

References

nvd.nist.gov/vuln/detail/CVE-2019-17268

Detect and mitigate CVE-2019-17268 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →