---
gem: curupira
cve: 2015-10053
ghsa: 85gf-wr67-f83w
url: https://github.com/prodigasistemas/curupira/commit/93a9a77896bb66c949acb8e64bceafc74bc8c271
title: curupira is vulnerable to SQL injection
date: 2023-01-16
description: |
  A vulnerability classified as critical has been found in prodigasistemas
  curupira up to 0.1.3. Affected is an unknown function of the file
  app/controllers/curupira/passwords_controller.rb.
  The manipulation leads to sql injection. Upgrading to version 0.1.4 is able
  to address this issue. The name of the patch is
  93a9a77896bb66c949acb8e64bceafc74bc8c271. It is recommended to upgrade the
  affected component. VDB-218394 is the identifier assigned to this
  vulnerability.
cvss_v3: 9.8
patched_versions:
- ">= 0.1.4"
related:
  url:
    - https://github.com/prodigasistemas/curupira/releases/tag/v0.1.4
    - https://vuldb.com/?id.218394