211 matches found
Rails Active Storage has possible Path Traversal in DiskService
Impact Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences e.g. ../ is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are...
GHSA-9XRJ-H377-FR87 Rails Active Storage has possible Path Traversal in DiskService
Impact Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences e.g. ../ is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are...
Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
Impact When serving files through Active Storage's Blobs::ProxyController, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header e.g. bytes=0- could cause the server to allocate memory proportional to the file size,...
EUVD-2026-14628
Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests...
GHSA-R46P-8F7G-VVVG Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
Impact When serving files through Active Storage's Blobs::ProxyController, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header e.g. bytes=0- could cause the server to allocate memory proportional to the file size,...
Rails Active Storage has possible content type bypass via metadata in direct uploads
Impact Active Storage's DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the same metadata hash, a malicious direct-upload client could set these flags. Releases The fixed releases are...
EUVD-2026-14626
Rails Active Storage has possible content type bypass via metadata in direct uploads...
GHSA-QCFX-2MFW-W4CG Rails Active Storage has possible content type bypass via metadata in direct uploads
Impact Active Storage's DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the same metadata hash, a malicious direct-upload client could set these flags. Releases The fixed releases are...
Rails 路径遍历漏洞
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 contained a path traversal vulnerability. This vulnerability stemmed from the lack of verificatio...
PT-2026-27259
Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage in Rails applications allows users to attach files from cloud and local sources. Prior to versions 8.1.2.1, 8.0.4.1, and...
PT-2026-27260
Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage in Rails applications allows users to attach cloud and local files. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, the...
Rails Active Storage has possible glob injection in its DiskService
Impact Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled input or custom-generated keys with glob metacharacters, it may be possible to delete unintended files from the storage director...
Rails Active Storage has possible Path Traversal in DiskService
Impact Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences e.g. ../ is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are...
Rails Active Storage has possible content type bypass via metadata in direct uploads
Impact Active Storage's DirectUploadsController accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like identified and analyzed are stored in the same metadata hash, a malicious direct-upload client could set these flags. Releases The fixed releases are...
Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
Impact When serving files through Active Storage's Blobs::ProxyController, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header e.g. bytes=0- could cause the server to allocate memory proportional to the file size,...
PT-2026-27263
Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage enables users to attach cloud and local files within Rails applications. A flaw exists in the DiskServicedelete prefixed...
Rails 注入漏洞
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There were injection vulnerabilities in versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stemmed from the direct passing of...
Rails 安全漏洞
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. There are security vulnerabilities in versions of Rails Active Storage prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1. These vulnerabilities stem from the proxy controller loadi...
PT-2026-27262
Name of the Vulnerable Software and Affected Versions Rails versions prior to 8.1.2.1 Rails versions prior to 8.0.4.1 Rails versions prior to 7.2.3.1 Description Active Storage in Rails applications allows users to attach cloud and local files. The DiskServicepath for function does not validate...
Ruby on Rails: ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection
A vulnerability was discovered in the ActiveStorage Disk Service component of Ruby on Rails. The vulnerability allowed an attacker to achieve arbitrary file write, read, and delete on the server's filesystem by injecting a malicious blob key. The vulnerability was due to insufficient validation o...