The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. Version 0.0.8 does not contain the backdoor.
{
  "github_reviewed_at": "2019-07-08T20:32:08Z",
  "nvd_published_at": "2019-07-08T14:15:10Z",
  "github_reviewed": true,
  "cwe_ids": [
    "CWE-94"
  ],
  "severity": "CRITICAL"
}