CVE-2024-29034
- EPSS 0.08%
- Veröffentlicht 24.03.2024 20:15:07
- Zuletzt bearbeitet 07.11.2025 01:41:46
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3,...
CVE-2023-49090
- EPSS 0.14%
- Veröffentlicht 29.11.2023 15:15:08
- Zuletzt bearbeitet 21.11.2024 08:32:48
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type...
CVE-2021-21288
- EPSS 0.2%
- Veröffentlicht 08.02.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:47:56
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entr...
CVE-2021-21305
- EPSS 2.82%
- Veröffentlicht 08.02.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:47:59
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately ...