CVE-2019-16676

Published 24 days ago
Category: Code Injection
Source: GitHub
Severity: Critical

Vulnerability in simple_form

Simple Form before 5.0 has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.

This only happens for pages that build forms based on user input.

CVSS Metrics
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact
n/a n/a n/a n/a n/a n/a
Patched Versions

>= 5.0

Unaffected Versions

n/a

References

n/a