Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnOW0tZ3czaC1oZzgz

field_test gem contains injection vulnerability

The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).

Permalink: https://github.com/advisories/GHSA-wg9m-gw3h-hg83
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnOW0tZ3czaC1oZzgz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: over 1 year ago


CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-wg9m-gw3h-hg83, CVE-2019-13146
References: Repository: https://github.com/ankane/field_test
Blast Radius: 11.4

Affected Packages

rubygems:field_test
Dependent packages: 0
Dependent repositories: 140
Downloads: 1,469,271 total
Affected Version Ranges: = 0.3.0
Fixed in: 0.3.1
All affected versions:
All unaffected versions: 0.1.0, 0.1.1, 0.1.2, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.6.0, 0.6.1, 0.7.0