Sha256: cd2b13ff5b19d9b1c56775c6afef43d2b457176593aba656a922280b0b23ef85

Contents?: true

Size: 574 Bytes

Versions: 1

Compression:

Stored size: 574 Bytes

Contents

---
gem: field_test
cve: 2019-13146
url: https://github.com/ankane/field_test/issues/17
title: Arbitrary Variants Via Query Parameters
date: 2019-07-01
description: |
  Due to unvalidated input, an attacker can pass in
  arbitrary variants via query parameters.

  If an application treats variants as trusted, this can
  lead to potential vulnerabilities like SQL injection
  or cross-site scripting (XSS). For instance:

  landing_page = field_test(:landing_page)
  Page.where("key = '#{landing_page}'")
patched_versions:
  - ">= 0.3.1"
unaffected_versions:
  - "< 0.3.0"

Version data entries

1 entry across 1 version & 1 rubygem

Version: bundler-audit-0.7.0.1

Path: data/ruby-advisory-db/gems/field_test/CVE-2019-13146.yml