CVE-2019-13146

field_test

on gem

ankane/field_test

on github

Published

July 9, 2019

Severity

CVSS v3:

5.3 MEDIUM

CVSS v2:

5 MEDIUM

Description

The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).

References

https://rubygems.org/gems/field_test
https://github.com/ankane/field_test/issues/17
http://www.securityfocus.com/bid/109114

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:field_test_project:field_test:0.3.0:::::ruby::	n/a	n/a	0.3.0

External Links

NVD - CVE-2019-13146