Description
The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).
References (3)
Core 3
Core References
Product, Third Party Advisory x_refsource_misc
https://rubygems.org/gems/field_test
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ankane/field_test/issues/17
Third Party Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109114
Scores
CVSS v3
5.3
EPSS
0.0025
EPSS Percentile
48.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-74
Status
published
Products (2)
field_test_project/field_test
0.3.0
rubygems/field_test
0.3.0 - 0.3.1RubyGems
Published
Jul 09, 2019
Tracked Since
Feb 18, 2026