Sha256: 8b0eb1f1572b60c8f89c6ef01400d72aaa50d3ad5e871e14325e6de183971dec

Contents?: true

Size: 532 Bytes

Versions: 1

Compression:

Stored size: 532 Bytes

Contents

---
gem: marginalia
cve: 2019-1010191
url: https://github.com/basecamp/marginalia/pull/73
date: 2019-07-26
title: SQL injection vulnerability via Marginalia::Comment
description: |
  The 'marginalia' gem is affected by a SQL injection vulnerability. All SQL
  queries are affected when a user-controlled argument is added as a component.

  This affects users that add a component that is user-controlled, for instance
  a parameter or a header.

  The issue is resolved in version 1.6.
patched_versions:
  - ">= 1.6"
cvss_v3: 9.8

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/marginalia/CVE-2019-1010191.yml