6 matches found
Cross-Site Request Forgery (CSRF)
fieldtest is vulnerable to cross-site request forgery (CSRF). The library does not verify authenticity of non-session based authentication...
field_test gem contains injection vulnerability
The fieldtest gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead...
The same description is listed under GHSA-WG9M-GW3H-HG83 (field_test gem contains injection vulnerability), CVE-2019-13146 and Cross site scripting.
CVE-2019-13146
CVE-2019-13146 concerns the field_test gem (Ruby) 0.3.0, where unvalidated input allows a method that should return one of a fixed set of variants to return arbitrary input. The root cause is acceptance of arbitrary variants from user-supplied input; an application that treats the returned variant as trusted can be exposed to SQL injection or XSS. Multiple connected source...
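As an added illustration of the bug class described above (this is not field_test's own code and not taken from the advisory), the Ruby below shows an experiment-variant lookup that should only ever return a configured variant but echoes an override parameter verbatim, beside a hardened version that honours the override only when it names a configured variant, and an HTML sink that shows why an unvalidated variant becomes reflected XSS. The experiment configuration, the `experiment_override` parameter and the helper names are assumptions made for the example.

```ruby
# Added example for the CVE-2019-13146 bug class: a lookup that is supposed to
# return one of a fixed set of variants instead returns attacker-controlled input.
# NOT field_test's code; config shape, parameter name and helper names are assumed.
require "cgi"

# Constructed experiment configuration: these are the only variants that exist.
EXPERIMENTS = {
  "button_color" => { "variants" => ["control", "red", "green"] }
}.freeze

# Vulnerable: an override supplied by the caller (e.g. a query parameter) is
# returned as-is, so the "set-restricted" method can return any string.
def variant_for_vulnerable(experiment, params, assigned: "control")
  forced = params.dig("experiment_override", experiment) # assumed override param
  return forced if forced
  assigned
end

# Hardened: the override is honoured only if it names a configured variant;
# anything else falls back to the server-side assignment.
def variant_for_hardened(experiment, params, assigned: "control")
  allowed = EXPERIMENTS.fetch(experiment).fetch("variants")
  forced = params.dig("experiment_override", experiment)
  return forced if forced && allowed.include?(forced)
  assigned
end

# A view that trusts the variant and interpolates it into HTML without escaping.
# Combined with the vulnerable lookup this is reflected XSS.
def render_button_unescaped(variant)
  %(<button class="btn-#{variant}">Buy</button>)
end

# Defence in depth: escape at the sink regardless of where the value came from.
def render_button_escaped(variant)
  %(<button class="btn-#{CGI.escapeHTML(variant)}">Buy</button>)
end

# Constructed request parameters: an attacker-controlled override and a benign one.
ATTACK_PARAMS = {
  "experiment_override" => { "button_color" => %(x"><script>alert(1)</script>) }
}.freeze
BENIGN_PARAMS = { "experiment_override" => { "button_color" => "red" } }.freeze

if __FILE__ == $PROGRAM_NAME
  # Vulnerable lookup + unescaped sink: the payload lands in the page.
  puts render_button_unescaped(variant_for_vulnerable("button_color", ATTACK_PARAMS))
  # Allow-list check: the override is rejected and the assigned variant is used.
  puts render_button_unescaped(variant_for_hardened("button_color", ATTACK_PARAMS))
  # Even with the vulnerable lookup, escaping at the sink neutralises the markup.
  puts render_button_escaped(variant_for_vulnerable("button_color", ATTACK_PARAMS))
end
```

The same unvalidated variant reaching a string-built SQL query (for example `WHERE variant = '#{variant}'`) is the SQL injection case the advisory mentions; the allow-list check in `variant_for_hardened` closes both paths at the source, and escaping or parameterising at the sink covers any other caller that trusts the value.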