2 matches found
CVE-2019-13146
The fieldtest gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead...
CVE-2019-13146
CVE-2019-13146 concerns the field_test gem (Ruby) 0.3.0, where unvalidated input allows a method to return arbitrary inputs. The root cause is acceptance of arbitrary variants from user-supplied input, enabling potential SQL injection or XSS when trusted values are used. Multiple connected source...