Critical severity · NVD Advisory · Published Sep 30, 2019 · Updated Aug 5, 2024
CVE-2019-16676
Description
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| simple_form (RubyGems) | < 5.0.0 | 5.0.0 |
Affected products
- Plataformatec/Simple Form
References
- github.com/advisories/GHSA-r74q-gxcg-73hx [ghsa, ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2019-16676 [ghsa, ADVISORY]
- blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676 [ghsa, WEB]
- blog.plataformatec.com.br/2019/09/incorrect-access-control-in-simple-form-cve-2019-16676/ [mitre, x_refsource_CONFIRM]
- github.com/heartcombo/simple_form/commit/8c91bd76a5052ddf3e3ab9fd8333f9aa7b2e2dd6 [ghsa, WEB]
- github.com/plataformatec/simple_form/commits/master [ghsa, x_refsource_MISC, WEB]
- github.com/plataformatec/simple_form/security/advisories/GHSA-r74q-gxcg-73hx [ghsa, x_refsource_MISC, WEB]
- github.com/rubysec/ruby-advisory-db/blob/master/gems/simple_form/CVE-2019-16676.yml [ghsa, WEB]