ADVISORIES

• CVE-2019-1010191 (NVD)
• GHSA-hrj5-qp7x-rpg6
• Vendor Advisory

GEM

marginalia

SEVERITY

CVSS v3.x: 9.8 (Critical)

PATCHED VERSIONS

• >= 1.6

DESCRIPTION

The ‘marginalia’ gem is affected by a SQL Injection vulnerability. All SQL queries are affected when a user controller argument is added as a component.

This affects users that add a component that is user controller, for instance a parameter or a header.

The issue is resolved in version 1.6.