Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-RUBY-STRONGPASSWORD-451547
- published 6 Jul 2019
- disclosed 3 Jul 2019
- credit WithaTwist
How to fix?
strong_password v0.0.7 altogether. Downgrading to v0.0.6 will ensure no malicious code execution is possible.
strong_password is a is an entropy-based password strength checking for Ruby and ActiveModel
This gem was hijacked by a malicious actor, who has published v0.0.7 containing malicious code that enables them to execute remote code in production.