EPSS
Percentile
51.8%
curupira is vulnerable to SQL Injection. A specifically crafted attack statement through the create function in passwords_controller.rb allows a malicious user to inject and execute arbitrary SQL queries on the target system.
create
passwords_controller.rb
github.com/advisories/GHSA-85gf-wr67-f83w
github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271
github.com/prodigasistemas/curupira/releases/tag/v0.1.4
vuldb.com/?ctiid.218394
vuldb.com/?id.218394