CVSS v3.x: 9.8 (Critical)
- >= 1.6
The ‘marginalia’ gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component.
This affects users that add a component that is user controller, for instance a parameter or a header.
The issue is resolved in version 1.6.