CVE-2019-16676

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-16676

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16676.json

Aliases

GHSA-r74q-gxcg-73hx

Published

2019-09-30T12:15:10Z

Modified

2023-11-29T07:13:58.794749Z

Details

Plataformatec Simple Form has Incorrect Access Control in filemethod? in lib/simpleform/form_builder.rb, because a user-supplied string is invoked as a method call.

References

http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/
https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
https://github.com/plataformatec/simple_form/commits/master

Affected packages

Git / github.com/plataformatec/simple_form

Affected ranges

Type: GIT
Repo: https://github.com/plataformatec/simple_form
Events: Introduced

0The exact introduced commit is unknown

Fixed

440ed5f2fe093d9066940ab6979099a409576ad9

Affected versions

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.4.0

v1.4.1

v1.4.2

v1.5.0

v2.*

v2.0.0

v2.0.0.rc

v2.0.1

v2.0.2

v2.0.3

v3.*

v3.0.0

v3.0.0.beta1

v3.0.0.rc

v3.0.1

v3.1.0

v3.1.0.rc1

v3.1.0.rc2

v3.1.1

v3.2.0

v3.2.1

v3.3.0

v3.3.1

v3.4.0

v3.5.0

v3.5.1

v4.*

v4.0.0

v4.0.1

v4.1.0