ADVISORIES
GEM
SEVERITY
CVSS v3.x: 9.8 (Critical)
PATCHED VERSIONS
- >= 1.6
DESCRIPTION
The 'marginalia' gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component.
This affects users that add a component that is user controller, for instance a parameter or a header.
The issue is resolved in version 1.6.