PT-2019-13154 · Ruby · Field Test

Ankane

·

Publicado

2019-07-09

·

Atualizado

2020-08-24

·

CVE-2019-13146

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions field test gem version 0.3.0
Description The issue concerns unvalidated input in a method call, which can return any input, potentially leading to various vulnerabilities such as SQL injection or cross-site scripting (XSS) if applications treat arbitrary variants as trusted.
Recommendations For field test gem version 0.3.0, consider validating all inputs to the method call to prevent potential SQL injection or XSS attacks. As a temporary workaround, restrict the use of the method call until a patch is available.

Exploit

Correção

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74

Identificadores relacionados

CVE-2019-13146
GHSA-WG9M-GW3H-HG83

Produtos afetados

Field Test