bootstrap-sass is a Ruby gem, the official Sass port of Bootstrap 2 and 3. On March 26, 2019, a malicious version (version 184.108.40.206) of this gem was published to the official RubyGems repository. This modified gem includes a stealthy backdoor that gives attackers remote command execution on server-side Rails applications.
Upgrade to the latest version of this Ruby gem (this issue was fixed in version 220.127.116.11).
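A lockfile check for the affected release, as an added example (not code from the advisory or from the gem's maintainers): it parses the `specs:` sections of a `Gemfile.lock` and flags a `bootstrap-sass` entry pinned to the malicious version. The version string is copied as this page gives it; the function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version

GEM_NAME = "bootstrap-sass"
# Version string copied exactly as this page gives it.
MALICIOUS_VERSION = Gem::Version.new("184.108.40.206")

# Collect [name, version] pairs from every "specs:" section of a Gemfile.lock.
# Resolved gems sit at a 4-space indent; their dependencies (6 spaces) are skipped.
def locked_specs(lock_text)
  specs = []
  in_specs = false
  lock_text.each_line do |line|
    if line.match?(/\A  specs:\s*\z/)
      in_specs = true
    elsif line.match?(/\A\S/) # next top-level section (PLATFORMS, DEPENDENCIES, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      specs << [m[1], m[2]]
    end
  end
  specs
end

# Classify each locked bootstrap-sass entry (hypothetical helper name).
def audit_lockfile(lock_text)
  locked_specs(lock_text).select { |name, _| name == GEM_NAME }.map do |_, ver|
    status = Gem::Version.new(ver) == MALICIOUS_VERSION ? :malicious : :not_flagged
    { version: ver, status: status }
  end
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      bootstrap-sass (184.108.40.206)
        sass (~> 3.2)
      sass (3.7.4)

  PLATFORMS
    ruby

  DEPENDENCIES
    bootstrap-sass
LOCK

audit_lockfile(SAMPLE_LOCK).each { |r| puts "#{GEM_NAME} #{r[:version]}: #{r[:status]}" }
```

The check reports what the lockfile pins, so it should be run against the lockfile of each deployed application, not only a development copy.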
Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem