CVE-2019-16676

Опубликовано: 30 сент. 2019

Источник: debian

Описание

Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
ruby-simple-form	removed			package

Примечания

http://blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/
https://github.com/plataformatec/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6
https://github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx

Связанные уязвимости

CVE-2019-16676

CVSS3: 9.8

ubuntu

больше 6 лет назад

Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.

CVE-2019-16676

CVSS3: 9.8

nvd

больше 6 лет назад

Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.

GHSA-r74q-gxcg-73hx

CVSS3: 9.8

github

больше 6 лет назад

Improper Input Validation in simple_form