CVE-2019-13146

Published 17 days ago
Category: SQL Injection
Source: GitHub
Severity: Severe

Vulnerability in field_test

Due to unvalidated input, an attacker can pass in arbitrary variants via query parameters.

If an application treats variants as trusted, this can lead to potential vulnerabilities like SQL injection or cross-site scripting (XSS). For instance:

landing_page = field_test(:landing_page)
Page.where("key = '#{landing_page}'")
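An application-side defence for the pattern above, as an added example that is not field_test's own code: accept a query-parameter override only when it names a declared variant, and pass the result to the query as a bind value. The `DECLARED_VARIANTS` table, the helper names and the `params["field_test"][experiment]` shape are assumptions made for the illustration.

```ruby
# Added example, not code from field_test. All names and data are constructed.
require "set"

# Variants the application declared for each experiment (constructed sample).
DECLARED_VARIANTS = {
  "landing_page" => Set["control", "new_design"]
}.freeze

# Return the variant to use. A query-parameter override is honoured only when
# it is a String naming a declared variant; anything else falls back to the
# variant already assigned to the participant.
# Assumption: overrides arrive as params["field_test"][experiment].
def resolve_variant(experiment, params, assigned)
  declared = DECLARED_VARIANTS.fetch(experiment)
  raise ArgumentError, "assigned variant not declared" unless declared.include?(assigned)

  overrides = params["field_test"]
  requested = overrides.is_a?(Hash) ? overrides[experiment] : nil
  return assigned unless requested.is_a?(String) && declared.include?(requested)

  requested
end

# Build the lookup as SQL text plus bind values, so the variant is never
# spliced into the statement. In Rails the equivalent is Page.where(key: variant).
def page_lookup(variant)
  ["SELECT * FROM pages WHERE key = ?", [variant]]
end

if __FILE__ == $PROGRAM_NAME
  untrusted = { "field_test" => { "landing_page" => "x' OR '1'='1" } } # constructed input
  forced    = { "field_test" => { "landing_page" => "new_design" } }   # constructed input
  p resolve_variant("landing_page", untrusted, "control")
  p resolve_variant("landing_page", forced, "control")
  p page_lookup(resolve_variant("landing_page", untrusted, "control"))
end
```

Upgrading to a patched version remains the fix; the allowlist and bind parameter keep the query safe even if a variant value is later sourced from somewhere else untrusted.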

CVSS Metrics

Access Vector: n/a
Access Complexity: n/a
Authentication: n/a
Confidentiality Impact: n/a
Integrity Impact: n/a
Availability Impact: n/a

Patched Versions

>= 0.3.1

Unaffected Versions

< 0.3.0

References

n/a