PT-2019-11503 · Marginalia

Published: 2019-07-24 · Updated: 2019-07-29 · CVE-2019-1010191

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: marginalia versions prior to 1.6
Description: The issue allows SQL injection: arbitrary SQL queries can be injected when a user-controlled argument is added as a comment component. This affects users who add components that are user-controlled, such as request parameters or headers. The attack vector is supplying SQL through a vulnerable input, including headers or HTTP parameters, which marginalia appends to the query.
Recommendations: For versions prior to 1.6, update to version 1.6 to resolve the issue. As a temporary workaround, restrict the use of user-controlled components, such as parameters or headers, to minimize the risk of exploitation; do not feed values from vulnerable inputs, including headers or HTTP parameters, into comment components until the issue is resolved.
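The defect described above is that a value which can contain the comment terminator ends the trailing SQL comment early, so whatever follows becomes part of the statement. The Ruby below is an added illustration, not code from the marginalia gem: the helper names (append_comment_unsafe, append_comment_safe, safe_component, comment_intact?) are hypothetical, the sanitization policy is an assumption rather than the project's 1.6 fix, and the header value is a constructed sample that only contains a stray comment terminator. The check function is the kind of assertion a defender can run over annotated statements to confirm the appended comment is still the only one and is still closed at the very end.

```ruby
# Added example (not marginalia's own code). Shows why a user-controlled
# value placed inside a trailing SQL comment must be sanitized, and gives a
# check that a statement still carries exactly one well-formed comment.
# All helper names below are hypothetical and the sanitization policy is
# an assumption, not the gem's actual fix.

SQL = "SELECT * FROM posts WHERE id = 1".freeze

# Appends "<sql> /*key:value,key:value*/" with the raw component values,
# which is the vulnerable pattern: a value containing "*/" closes the
# comment early and anything after it is parsed as SQL.
def append_comment_unsafe(sql, components)
  body = components.map { |k, v| "#{k}:#{v}" }.join(",")
  "#{sql} /*#{body}*/"
end

# Assumed policy: a component value may never contain a comment delimiter
# or a line break. Delimiters are broken up by inserting a space and the
# loop repeats until none remain, so "*/*/" cannot be re-assembled.
def safe_component(value)
  s = value.to_s.gsub(/[\r\n\x00]/, " ")
  s = s.gsub("*/", "* /").gsub("/*", "/ *") while s.include?("*/") || s.include?("/*")
  s.slice(0, 256)
end

def append_comment_safe(sql, components)
  body = components.map { |k, v| "#{k}:#{safe_component(v)}" }.join(",")
  "#{sql} /*#{body}*/"
end

# Detection check: everything after the original statement must be a single
# comment that opens right after the SQL and closes at the very end.
def comment_intact?(annotated_sql, original_sql)
  tail = annotated_sql[original_sql.length..]
  tail.start_with?(" /*") && tail.end_with?("*/") && tail.scan("*/").length == 1
end

# Constructed sample header value; contains a comment terminator but no SQL.
SAMPLE_HEADER = "edge-cache */ stray text".freeze

if __FILE__ == $PROGRAM_NAME
  components = { "application" => "blog", "x_cache" => SAMPLE_HEADER }
  unsafe = append_comment_unsafe(SQL, components)
  safe   = append_comment_safe(SQL, components)
  puts unsafe
  puts comment_intact?(unsafe, SQL) # false: the header closed the comment early
  puts safe
  puts comment_intact?(safe, SQL)   # true
end
```

Running it prints the unsafe statement with "stray text*/" sitting outside the comment, which is exactly what the check flags; the sanitized statement keeps the whole header inside the comment. Note that the sanitizer is deliberately a whitelist of what a comment may contain rather than an attempt to recognise SQL, which is the same reasoning behind restricting components to values the application controls.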

References: Exploit · Fix

Weakness class: SQL injection


Weakness Enumeration

Related Identifiers: CVE-2019-1010191, GHSA-HRJ5-QP7X-RPG6

Affected Products: Marginalia