Add CVE-2019-13354 for strong_password v0.0.7 RCE (#398)

strong_password v0.0.7 was a malicious version uploaded to RubyGems

Author: tute

gems/strong_password/CVE-2019-13354.yml

@@ -0,0 +1,16 @@
+---
+gem: strong_password
+cve: 2019-13354
+url: https://withatwist.dev/strong-password-rubygem-hijacked.html
+title: strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
+date: 2019-07-05
+
+description: |
+  The `strong_password` gem on RubyGems.org was hijacked by a malicious actor. The
+  malicious actor published v0.0.7 containing malicious code that enables an attacker
+  to execute remote code in production.
+
+  Downgrade `strong_password` to v0.0.6 to ensure no malicious code execution is possible.
+
+unaffected_versions:
+  - != 0.0.7