CVE-2019-14281

9.8 CRITICAL

📋 TL;DR

CVE-2019-14281 is a supply chain attack where the datagrid Ruby gem version 1.0.6 contained a malicious backdoor inserted by a third party. This allows remote code execution on any system using this compromised gem version. All Ruby applications using datagrid 1.0.6 from RubyGems.org are affected.

💻 Affected Systems

Products:
  • datagrid Ruby gem
Versions: Version 1.0.6 only
Operating Systems: All operating systems running Ruby
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations from RubyGems.org; other sources may be safe. Version 1.0.6 was specifically compromised.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise allowing attackers to execute arbitrary code, steal data, deploy ransomware, or pivot to other systems.

🟠 Likely Case

Remote code execution leading to data theft, cryptocurrency mining, or botnet enrollment.

🟢 If Mitigated

Limited impact if proper network segmentation and least privilege principles are implemented.

🌐 Internet-Facing: HIGH - Any internet-facing application using this gem is directly vulnerable to remote exploitation.
🏢 Internal Only: HIGH - Internal applications are equally vulnerable if they use the compromised gem.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The backdoor is built into the gem itself, making exploitation trivial once the malicious package is installed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Remove version 1.0.6 completely; use version 1.0.5 or a later version (1.0.7+)

Vendor Advisory: https://github.com/rubygems/rubygems.org/issues/2072

Restart Required: Yes

Instructions:

1. Remove datagrid 1.0.6 from your Gemfile.
2. Run 'bundle update datagrid' to install a safe version.
3. Restart your Ruby application server.
4. Verify no 1.0.6 version remains in Gemfile.lock.

🔧 Temporary Workarounds

Immediate gem removal

Applies to: all

Remove the compromised gem version from your system:

gem uninstall datagrid -v 1.0.6
bundle clean --force

Gem source verification

Applies to: all

Verify gem integrity and source before installation:

gem cert --add <trusted-cert>
gem install datagrid -P HighSecurity

🧯 If You Can't Patch

  • Network segmentation: Isolate affected systems from critical networks
  • Egress filtering: Implement strict egress filtering to prevent command and control communication

🔍 How to Verify

Check if Vulnerable:

Check Gemfile.lock for 'datagrid (1.0.6)' or run 'gem list datagrid' and look for version 1.0.6

Check Version:

gem list datagrid | grep datagrid

Verify Fix Applied:

Verify datagrid version is NOT 1.0.6 in Gemfile.lock and 'gem list datagrid' output

📡 Detection & Monitoring

Log Indicators:

  • Unusual Ruby process execution patterns
  • Suspicious network connections from Ruby processes
  • Gem installation logs showing datagrid 1.0.6

Network Indicators:

  • Outbound connections to unknown IPs from Ruby applications
  • Unusual HTTP requests from application servers

SIEM Query:

process:ruby AND (parent_process:bundle OR parent_process:gem) AND cmdline:*datagrid*1.0.6*
