History: Nov 29, 2023 - 3:15 p.m.

CVE-2023-49090

2023-11-29 15:15:08
CWE-79
web.nvd.nist.gov
Tags: carrierwave, content-type, allowlist, bypass, vulnerability, xss, ruby, web frameworks, cve-2023-49090

CVSS3: 6.8 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.9%)

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlisted_content_type? determines Content-Type permissions by performing a partial match. If the content_type argument of allowlisted_content_type? is passed a value crafted by the attacker, Content-Types not included in the content_type_allowlist will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.
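The difference between a partial match and an exact match on Content-Type, as an added example for checking an upload allowlist; this is not CarrierWave's source code. The method names, the sample allowlist and the sample Content-Type values are all constructed for illustration.

```ruby
# Added illustration; NOT CarrierWave's code. All names here are hypothetical.
ALLOWLIST = ['image/png', %r{image/jpe?g}].freeze # constructed sample allowlist

# Partial match: true if an allowlist entry matches ANYWHERE in the value.
# This is the weak pattern the description warns about.
def partial_match_allowed?(content_type, allowlist = ALLOWLIST)
  allowlist.any? { |item| /#{item}/.match?(content_type.to_s) }
end

# Exact match: the whole value must equal an allowlist entry.
# \A and \z anchor to the start and end of the string; Ruby's ^ and $
# only anchor to a line, so they would still accept multi-line values.
# String entries are escaped so that '.' or '+' are matched literally.
# Values carrying parameters (e.g. "; charset=...") are rejected outright.
def exact_match_allowed?(content_type, allowlist = ALLOWLIST)
  value = content_type.to_s.strip.downcase
  allowlist.any? do |item|
    pattern = item.is_a?(Regexp) ? item : Regexp.escape(item)
    /\A#{pattern}\z/.match?(value)
  end
end

# Regression helper: values the partial check accepts but the exact check
# rejects, i.e. types that are not really on the allowlist.
def allowlist_gaps(samples, allowlist = ALLOWLIST)
  samples.select do |ct|
    partial_match_allowed?(ct, allowlist) && !exact_match_allowed?(ct, allowlist)
  end
end

# Constructed sample values for the check.
SAMPLES = [
  'image/png',
  'image/jpeg',
  'image/jpg',
  'text/html',
  'text/html;image/png',
  "image/png\ntext/html",
  'image/png2'
].freeze

puts allowlist_gaps(SAMPLES).inspect if __FILE__ == $PROGRAM_NAME
```

A check like `allowlist_gaps` can be run in an application's test suite against its own uploader allowlist to confirm that only exact types pass after upgrading to a patched version.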

Affected configurations

Vulners
NVD
Node: carrierwaveuploader carrierwave, Range 2.2.0 to 2.2.5
OR
Node: carrierwaveuploader carrierwave, Range 3.0.0 to 3.0.5

CNA Affected

[
  {
    "vendor": "carrierwaveuploader",
    "product": "carrierwave",
    "versions": [
      {
        "version": ">= 2.2.0, < 2.2.5",
        "status": "affected"
      },
      {
        "version": ">= 3.0.0, < 3.0.5",
        "status": "affected"
      }
    ]
  }
]
