Critical severity9.8NVD Advisory· Published Jul 24, 2019· Updated Jun 17, 2026
CVE-2019-1010191
CVE-2019-1010191
Description
marginalia < 1.6 is affected by: SQL Injection. The impact is: The impact is a injection of any SQL queries when a user controller argument is added as a component. The component is: Affects users that add a component that is user controller, for instance a parameter or a header. The attack vector is: Hacker inputs a SQL to a vulnerable vector(header, http parameter, etc). The fixed version is: 1.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
marginaliaRubyGems | < 1.6 | 1.6 |
Affected products
2- Range: < 1.6 [fixed: 1.6]
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-hrj5-qp7x-rpg6ghsaADVISORY
- github.com/basecamp/marginalia/pull/73/nvdIssue TrackingThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2019-1010191ghsaADVISORY
- github.com/basecamp/marginalia/pull/73ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/marginalia/CVE-2019-1010191.ymlghsaWEB
News mentions
0No linked articles in our index yet.