Lucene search
+L

29 matches found

EUVD
EUVD
added 2026/03/23 9:17 p.m.4 views

EUVD-2026-14632

Rails Active Storage has possible Path Traversal in DiskService...

9.3CVSS5.8AI score0.00567EPSS
Exploits0References7
OSV
OSV
added 2026/03/23 9:17 p.m.4 views

GHSA-9XRJ-H377-FR87 Rails Active Storage has possible Path Traversal in DiskService

Impact Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences e.g. ../ is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are...

9.3CVSS5.9AI score0.00567EPSS
Exploits0References10
RubySec
RubySec
added 2026/03/23 12:0 a.m.11 views

Rails Active Storage has possible Path Traversal in DiskService

Impact Active Storage's DiskServicepathfor does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences e.g. ../ is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are...

9.8CVSS5.9AI score0.00567EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/03/23 12:0 a.m.10 views

Rails Active Storage has possible glob injection in its DiskService

Impact Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled input or custom-generated keys with glob metacharacters, it may be possible to delete unintended files from the storage director...

9.1CVSS5.7AI score0.00646EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2026/03/02 7:38 a.m.17 views

Ruby on Rails: ActiveStorage Disk Service Path Traversal via Custom Blob Key Injection

A vulnerability was discovered in the ActiveStorage Disk Service component of Ruby on Rails. The vulnerability allowed an attacker to achieve arbitrary file write, read, and delete on the server's filesystem by injecting a malicious blob key. The vulnerability was due to insufficient validation o...

5.9AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/27 4:14 p.m.5 views

Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441.

Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to an improper input validation vulnerability due to Apache Axis. CVE-2023-51441. Vulnerability Details CVEID:CVE-2023-51441 DESCRIPTION: UNSUPPORTED WHEN ASSIGNED Improper Input...

7.2CVSS6.5AI score0.01213EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/13 10:29 a.m.17 views

Security Bulletin: IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to multiple vulnerabilities due to Apache Axis. CVE-2018-8032, CVE-2014-3596, CVE-2019-0227, CVE-2012-5784

Summary IBM System Storage Support for Microsoft Volume Shadow Copy Service and Virtual Disk Service is vulnerable to multiple vulnerabilities due to Apache Axis. CVE-2018-8032, CVE-2014-3596, CVE-2019-0227, CVE-2012-5784. Vulnerability Details CVEID:CVE-2018-8032 DESCRIPTION: Apache Axis 1.x up ...

7.5CVSS7AI score0.86503EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/12/24 3:1 p.m.25 views

Security Bulletin: IBM Storage Support for Microsoft Volume Shadow Copy Service (VSS) and Virtual Disk Service (VDS) is affected by a vulnerability in Apache Log4j (CVE-2021-4104)

Summary A vulnerability was identified within the Apache Log4j library that is used by IBM Storage Support for Microsoft Volume Shadow Copy Service VSS and Virtual Disk Service VDS for IBM Spectrum Virtualize family and IBM DS8000 family storage systems. This vulnerability has been addressed...

7.5CVSS1AI score0.81147EPSS
Exploits9Affected Software1
RubySec
RubySec
added 2018/11/27 12:0 a.m.17 views

Bypass vulnerability in Active Storage

There is a vulnerability in Active Storage. This vulnerability has been assigned the CVE identifier CVE-2018-16477. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 5.2.1.1 Impact ------ Signed download URLs generated by ActiveStorage for Google Cloud Storage service and Disk servic...

6.5CVSS3.1AI score0.01311EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder