{
  "schema_version": "1.4.0",
  "id": "GHSA-2j55-pcw5-x4h2",
  "modified": "2023-01-18T21:33:05Z",
  "published": "2018-08-13T15:02:49Z",
  "aliases": [
    "CVE-2018-3779"
  ],
  "summary": "active-support impersonates 'activesupport' gem",
  "details": "The `active-support` ruby gem gem is malware and duplicates the official `activesupport` (no hyphen) gem, but adds a compiled extension. The extension attempts to resolve a base64 encoded domain (29faea63.planfhntage.de), downloads a payload, and executes.\n \nThis trojan horse gem could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system.  No version of this gem should be considered safe.",
  "severity": [],
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "active-support"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3779"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/392311"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-2j55-pcw5-x4h2"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:52:19Z",
    "nvd_published_at": null
  }
}