CVE-2019-13146
Last modified
CVE-2019-13146 is a vulnerability of currently unknown severity. The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. EPSS estimates a 1.45% chance of exploitation in the next 30 days.
Description
The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Field Test Project | Field Test | 0.3.0 |
References
- http://www.securityfocus.com/bid/109114Third Party Advisory
- https://github.com/ankane/field_test/issues/17Exploit, Third Party Advisory
- https://rubygems.org/gems/field_testProduct, Third Party Advisory
- http://www.securityfocus.com/bid/109114Third Party Advisory
- https://github.com/ankane/field_test/issues/17Exploit, Third Party Advisory
- https://rubygems.org/gems/field_testProduct, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-13146?
How severe is CVE-2019-13146?
How do I fix CVE-2019-13146?
Are you affected by CVE-2019-13146?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST