CVE-2019-13146

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-13146
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13146.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-13146
Aliases
Published
2019-07-09T18:15:11Z
Modified
2024-05-14T06:45:24.905864Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).

References

Affected packages

Git / github.com/ankane/field_test

Affected ranges

Type
GIT
Repo
https://github.com/ankane/field_test
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.3.0