Remote code execution in bootstrap-sass 3.2.0.3
Description
bootstrap-sass is an official Sass port of Bootstrap distributed as a Ruby gem. On March 26, 2019, attackers compromised the RubyGems repository and published a malicious version 3.2.0.3 containing a backdoor. This backdoor enables remote code execution on any Rails application using the compromised gem version, allowing attackers to execute arbitrary commands on affected servers without authentication.
Remediation
Take immediate action to remediate this critical vulnerability:
1. Identify affected systems: Check your Gemfile.lock for bootstrap-sass version 3.2.0.3
2. Upgrade immediately: Update to bootstrap-sass version 3.2.0.4 or later by running:
gem update bootstrap-sass
bundle update bootstrap-sass
3. Verify the update: Confirm the malicious version is removed from your Gemfile.lock
4. Assess compromise: Review server logs for suspicious ___cfduid cookie activity and unauthorized command execution between March 26, 2019 and the remediation date
5. Rotate credentials: If compromise is suspected, rotate all secrets, API keys, and credentials accessible from the affected system
6. Redeploy: Rebuild and redeploy applications to ensure the malicious code is completely removed from production environments
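The checks in steps 1, 3 and 4 above can be scripted. The Ruby below is an added example, not part of the advisory or of the bootstrap-sass project: it parses a Gemfile.lock to classify the locked bootstrap-sass version, and scans access-log lines for the ___cfduid trigger cookie. The lockfile and log lines are constructed samples, and the log format (a reverse proxy that records the Cookie header) is an assumption; a stock Rails production log does not contain cookies.

```ruby
# Added example (not from the advisory): audit helpers for remediation
# steps 1, 3 and 4. Inputs are constructed inline; the log format is an
# assumption about a typical Rails deployment behind a reverse proxy.
require "rubygems"

AFFECTED_GEM     = "bootstrap-sass"
AFFECTED_VERSION = Gem::Version.new("3.2.0.3")
FIXED_VERSION    = Gem::Version.new("3.2.0.4")

# Steps 1 and 3: return the bootstrap-sass version locked in a Gemfile.lock,
# or nil if the gem is not present. Bundler writes each resolved gem in the
# "specs:" section as a four-space-indented "name (version)" line; its
# dependencies are indented six spaces and therefore do not match.
def locked_version(lockfile_text)
  lockfile_text.each_line do |line|
    if line =~ /\A {4}#{Regexp.escape(AFFECTED_GEM)} \(([^)]+)\)\s*\z/
      return Gem::Version.new($1)
    end
  end
  nil
end

# :affected for the backdoored release, :ok for the fixed release or later,
# :below_fix for an older release, :absent if the gem is not used at all.
def lockfile_status(lockfile_text)
  version = locked_version(lockfile_text)
  return :absent   if version.nil?
  return :affected if version == AFFECTED_VERSION
  version >= FIXED_VERSION ? :ok : :below_fix
end

# Step 4: the backdoor is triggered through a request cookie named ___cfduid
# (three underscores). Cloudflare's legitimate cookie is __cfduid (two
# underscores), so anchor on exactly three to avoid flagging normal traffic.
BACKDOOR_COOKIE = /(?<!_)___cfduid=/

# Return the log lines carrying the trigger cookie. Assumes an access log that
# records the Cookie header (e.g. nginx with $http_cookie in its log_format).
def suspicious_lines(log_text)
  log_text.each_line.select { |line| line.match?(BACKDOOR_COOKIE) }.map(&:chomp)
end

# Constructed sample Gemfile.lock pinning the malicious release.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      bootstrap-sass (3.2.0.3)
        sass (>= 3.3.4)
      sass (3.4.25)

  PLATFORMS
    ruby

  DEPENDENCIES
    bootstrap-sass
LOCK

# Constructed sample access-log lines; the cookie value is a placeholder.
SAMPLE_LOG = <<~LOG
  203.0.113.5 - [26/Mar/2019:19:10:02 +0000] "GET /assets/app.css HTTP/1.1" 200 cookie="__cfduid=d1abc"
  203.0.113.9 - [27/Mar/2019:03:41:17 +0000] "GET / HTTP/1.1" 200 cookie="___cfduid=PLACEHOLDER_VALUE"
  203.0.113.7 - [27/Mar/2019:03:42:00 +0000] "GET /login HTTP/1.1" 200 cookie="_session_id=xyz"
LOG

if __FILE__ == $PROGRAM_NAME
  puts "Gemfile.lock status: #{lockfile_status(SAMPLE_LOCKFILE)}"
  suspicious_lines(SAMPLE_LOG).each { |l| puts "suspicious request: #{l}" }
end
```

Run it against a real deployment by replacing the two sample constants with `File.read("Gemfile.lock")` and the contents of the proxy access log for the window between March 26, 2019 and the remediation date; any `:affected` lockfile or any flagged request line is the signal to proceed with steps 5 and 6.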