Lucene search

FreeBSD0F154810-16E4-11E5-A1CF-002590263BF5

HistoryJun 05, 2015 - 12:00 a.m.

rubygem-paperclip -- validation bypass vulnerability

2015-06-0500:00:00

vuxml.freebsd.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.6%

JSON

Jon Yurek reports:

Thanks to MORI Shingo of DeNA Co., Ltd. for reporting this.
There is an issue where if an HTML file is uploaded with a .html
extension, but the content type is listed as being image/jpeg,
this will bypass a validation checking for images. But it will also
pass the spoof check, because a file named .html and containing
actual HTML passes the spoof check.
This change makes it so that we also check the supplied content
type. So even if the file contains HTML and ends with .html, it
doesn’t match the content type of image/jpeg and so it fails.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchrubygem-paperclip< 4.2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	rubygem-paperclip	< 4.2.2	UNKNOWN

References

jvn.jp/en/jp/JVN83881261/index.html

github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57

robots.thoughtbot.com/paperclip-security-release

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.6%

JSON

Related for 0F154810-16E4-11E5-A1CF-002590263BF5