CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-13146

The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.9%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/109114
https://github.com/ankane/field_test/issues/17
https://rubygems.org/gems/field_test
http://www.securityfocus.com/bid/109114
https://github.com/ankane/field_test/issues/17
https://rubygems.org/gems/field_test

Products affected by CVE-2019-13146

Field Test Project » Field Test » Version: 0.3.0

cpe:2.3:a:field_test_project:field_test:0.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13146

Products

Pricing

Contact Us