Add CVE-2019-13146 for field_test (#395)

Author: ankane

gems/field_test/CVE-2019-13146.yml

@@ -0,0 +1,20 @@
+---
+gem: field_test
+cve: 2019-13146
+url: https://github.com/ankane/field_test/issues/17
+title: Arbitrary Variants Via Query Parameters
+date: 2019-07-01
+description: |
+  Due to unvalidated input, an attacker can pass in
+  arbitrary variants via query parameters.
+
+  If an application treats variants as trusted, this can
+  lead to potential vulnerabilities like SQL injection
+  or cross-site scripting (XSS). For instance:
+
+  landing_page = field_test(:landing_page)
+  Page.where("key = '#{landing_page}'")
+patched_versions:
+  - ">= 0.3.1"
+unaffected_versions:
+  - "< 0.3.0"