CVE-2019-13146

Опубликовано: 09 июл. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).

Ссылки

http://www.securityfocus.com/bid/109114
Third Party Advisory
https://github.com/ankane/field_test/issues/17
Exploit
Third Party Advisory
https://rubygems.org/gems/field_test
Product
Third Party Advisory
http://www.securityfocus.com/bid/109114
Third Party Advisory
https://github.com/ankane/field_test/issues/17
Exploit
Third Party Advisory
https://rubygems.org/gems/field_test
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:field_test_project:field_test:0.3.0:*:*:*:*:ruby:*:*

EPSS

Процентиль: 49%

0.00257

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-wg9m-gw3h-hg83