Merge pull request #386 from eoinkelly/CVE-2019-10842

phillmv · web-flow · commit f27c4f00a532 · 2019-04-04T12:24:33.000-04:00
Add CVE-2019-10842 - remote code execution in bootstrap-sass
diff --git a/gems/bootstrap-sass/CVE-2019-10842.yml b/gems/bootstrap-sass/CVE-2019-10842.yml
@@ -0,0 +1,25 @@
+---
+gem: bootstrap-sass
+cve: 2019-10842
+url: https://github.com/twbs/bootstrap-sass/issues/1195
+title: Remote code execution in bootstrap-sass
+date: 2019-04-04
+
+description: |
+  Arbitrary code execution (via backdoor code, when 
+  downloaded from rubygems.org) was discovered in 
+  bootstrap-sass 3.2.0.3.
+  
+  Users are advised to upgrade immediately to 3.2.0.4
+  
+  An unauthenticated attacker can craft the ___cfduid cookie value
+  with base64 arbitrary code to be executed via eval(), which can
+  be leveraged to execute arbitrary code on the target system. 
+  (Note that there are three underscore characters in the cookie name. 
+  This is unrelated to the __cfduid cookie that is legitimately used by 
+  Cloudflare.)
+
+unaffected_versions:
+  - "<= 3.2.0.2"
+patched_versions:
+  - ">= 3.2.0.4"
