Critical severity · NVD Advisory · Published Jul 24, 2019 · Updated Aug 5, 2024
CVE-2019-1010191
Description
marginalia < 1.6 is affected by: SQL Injection. The impact is: injection of any SQL queries when a user-controlled argument is added as a component. The component is: affects users that add a component that is user-controlled, for instance a parameter or a header. The attack vector is: an attacker inputs SQL into a vulnerable vector (header, HTTP parameter, etc.). The fixed version is: 1.6.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| marginalia (RubyGems) | < 1.6 | 1.6 |
Affected products
- Range: < 1.6 [fixed: 1.6]
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-hrj5-qp7x-rpg6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-1010191 (ghsa, ADVISORY)
- github.com/basecamp/marginalia/pull/73 (ghsa, WEB)
- github.com/basecamp/marginalia/pull/73/ (mitre, x_refsource_MISC)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/marginalia/CVE-2019-1010191.yml (ghsa, WEB)