Providing security resources for the Ruby community.

gem: marginalia
date: 2019-07-26
cve: 2019-1010191
title: SQL injection vulnerability via Marginalia::Comment
description: |
  The 'marginalia' gem is affected by a SQL injection vulnerability. All SQL
  queries are affected when a user-controlled argument is added as a component.

  This affects users that add a component that is user-controlled, for instance
  a parameter or a header.

  The issue is resolved in version 1.6.
cvss_v3: '9.8'
patched_versions:
- ">= 1.6"