CVE-2019-17268 report for omniauth-weibo-oauth2 #36
Comments
Hi Maciej,
Thank you, I will take a look tomorrow.
…-Never
Maciej Mensfeld <notifications@github.com> wrote on Wed, Oct 9, 2019 at 8:17 PM:
Hey,
I took courtesy of reporting the malicious code injection in 0.4.6 into
the CVE database.
https://diff.coditsu.io/gems/omniauth-weibo-oauth2/0.4.3/0.4.6
Just wanted to let you know. They initially assigned the CVE-2019-17268.
ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17268
I believe that info about this breach should be more exposed.
Hi @mensfeld, thank you for your information. Getting a CVE number surprised me. I sent the abuse report to the ISP for now. For more information, please see the issue report: EDITED:
Thank you! I did it so tools like Too many people use automatic dependency upgrade tools; that's why I'm super paranoid about stuff like this. I will close this issue, as now it's on the Mitre side to verify.
Hey,
I took courtesy of reporting the malicious code injection in 0.4.6 into the CVE database.
https://diff.coditsu.io/gems/omniauth-weibo-oauth2/0.4.3/0.4.6
Just wanted to let you know. They initially assigned the CVE-2019-17268.
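The thread names 0.4.6 as the release carrying the injected code and raises the concern that automatic upgrade tools pull such releases in unnoticed. The following is an added example, not part of the thread or the project's code: a check that reads a `Gemfile.lock` and reports whether that release was resolved. The helper names, the hand-written lockfile parsing and the sample lockfile (including all other versions and constraints in it) are constructed for illustration.

```ruby
# Added example: flag the release named in this thread in a Gemfile.lock.
# Gem name and version come from the issue; everything else is constructed.
FLAGGED = { "omniauth-weibo-oauth2" => ["0.4.6"] }.freeze

# Return [[name, version], ...] for every resolved spec in the lockfile text.
# Resolved specs sit under a "specs:" header at exactly four spaces of indent;
# deeper-indented lines are dependency constraints, not installed versions.
def resolved_specs(lockfile_text)
  in_specs = false
  lockfile_text.each_line.with_object([]) do |line, specs|
    line = line.chomp
    if line =~ /\A  specs:\z/
      in_specs = true
    elsif line.empty? || line =~ /\A\S/
      in_specs = false # a blank line or a new top-level section ends the block
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      specs << [m[1], m[2]]
    end
  end
end

# Keep only specs whose version (platform suffix stripped) is flagged.
def flagged_specs(lockfile_text, flagged = FLAGGED)
  resolved_specs(lockfile_text).select do |name, version|
    flagged.fetch(name, []).include?(version.split("-").first)
  end
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      oauth2 (1.4.1)
      omniauth (1.9.0)
      omniauth-oauth2 (1.6.0)
        oauth2 (~> 1.1)
        omniauth (~> 1.9)
      omniauth-weibo-oauth2 (0.4.6)
        omniauth (~> 1.5)
        omniauth-oauth2 (>= 1.4.0)

  DEPENDENCIES
    omniauth-weibo-oauth2
LOCK

flagged_specs(SAMPLE_LOCK).each { |n, v| warn "flagged release resolved: #{n} #{v}" }
```

Matching on the resolved `specs:` entries rather than on the `DEPENDENCIES` section matters here, because an unpinned dependency line carries no version at all.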