Medium severity5.5NVD Advisory· Published Jan 16, 2023· Updated Jun 17, 2026
CVE-2015-10053
CVE-2015-10053
Description
A vulnerability classified as critical has been found in prodigasistemas curupira up to 0.1.3. Affected is an unknown function of the file app/controllers/curupira/passwords_controller.rb. The manipulation leads to sql injection. Upgrading to version 0.1.4 is able to address this issue. The patch is identified as 93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the affected component. VDB-218394 is the identifier assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
curupiraRubyGems | < 0.1.4 | 0.1.4 |
Affected products
2- Range: 0.1.0
Patches
Vulnerability mechanics
References
7- github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271nvdPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-85gf-wr67-f83wghsaADVISORY
- github.com/prodigasistemas/curupira/releases/tag/v0.1.4nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2015-10053ghsaADVISORY
- vuldb.comnvdThird Party AdvisoryWEB
- vuldb.comnvdThird Party AdvisoryWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/curupira/CVE-2015-10053.ymlghsaWEB
News mentions
0No linked articles in our index yet.