CVE-2019-13146 – field_test

Package

Manager: gem
Name: field_test
Vulnerable Version: =0.3.0 || >=0.3.0 <0.3.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00257 pctl0.48872

Details

field_test gem contains injection vulnerability The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).

Metadata

Created: 2019-07-16T00:42:27Z
Modified: 2025-03-03T13:30:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-wg9m-gw3h-hg83/GHSA-wg9m-gw3h-hg83.json
CWE IDs: ["CWE-74"]
Alternative ID: GHSA-wg9m-gw3h-hg83
Finding: F184
Auto approve: 1