Server side request forgery (ssrf)

2017-11-1317:29:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

CPENameOperatorVersion
paperclipge3.1.4
papercliplt5.2.0

CPE	Name	Operator	Version
	paperclip	ge	3.1.4
	paperclip	lt	5.2.0

References

github.com/thoughtbot/paperclip/pull/2435

hackerone.com/reports/209430

hackerone.com/reports/713