paperclip Server-Side Request Forgery vulnerability

2018-01-2213:31:34

Google

osv.dev

0.003 Low

EPSS

Percentile

70.4%

JSON

Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

CPENameOperatorVersion
paperclipeq4.2.1
paperclipeq4.3.3
paperclipeq4.2.2
paperclipeq4.2.4
paperclipeq3.4.1
paperclipeq3.5.4
paperclipeq3.5.1
paperclipeq3.4.2
paperclipeq4.3.1
paperclipeq4.3.6

Name	Operator	Version
paperclip	eq	4.2.1
paperclip	eq	4.3.3
paperclip	eq	4.2.2
paperclip	eq	4.2.4
paperclip	eq	3.4.1
paperclip	eq	3.5.4
paperclip	eq	3.5.1
paperclip	eq	3.4.2
paperclip	eq	4.3.1
paperclip	eq	4.3.6