Lucene search
Veracode Vulnerability DatabaseVERACODE:21585HistorySep 30, 2019 - 4:08 a.m.
Authorization Bypass
2019-09-3004:08:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
EPSS
0.006
Percentile
79.0%
simple_form is vulnerable to authorization bypass. The vulnerability exists as file_method? was incorrectly called in lib/simple_form/form_builder.rb, allowing a user-supplied string to be invoked as a method call through #send.
References
blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/
github.com/plataformatec/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6
github.com/plataformatec/simple_form/commits/master
github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx
github.com/rubysec/ruby-advisory-db/pull/417
Related
ubuntucve
ubuntucve
CVE-2019-16676
2019-09-30 00:00:00
osv
osv
CVE-2019-16676
2019-09-30 12:15:10
Improper Input Validation in simple_form
2019-09-30 19:41:15
nvd
nvd
CVE-2019-16676
2019-09-30 12:15:10
cve
cve
CVE-2019-16676
2019-09-30 12:15:10
prion
prion
Design/Logic Flaw
2019-09-30 12:15:00
rubygems
rubygems
cvelist
cvelist
CVE-2019-16676
2019-09-30 11:43:11
github
github
Improper Input Validation in simple_form
2019-09-30 19:41:15