CVE-2019-13146

Published: Jul 9, 2019Modified: Jun 17, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).

Affected (1)

Products: Field Test Project: Field Test

Field Test Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Field Test Project Field Test	Version 0.3.0

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References (6)

http://www.securityfocus.com/bid/109114

Source: cve@mitre.org

Third Party Advisory

https://github.com/ankane/field_test/issues/17

Source: cve@mitre.org

ExploitThird Party Advisory

https://rubygems.org/gems/field_test

Source: cve@mitre.org

ProductThird Party Advisory

http://www.securityfocus.com/bid/109114

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/ankane/field_test/issues/17

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://rubygems.org/gems/field_test

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.