6 matches found
ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media (moderate)
ruby3.4-rubygem-activestorage-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15113-1 Rating: moderate Cross-References: CVE-2022-21831 CVSS scores: CVE-2022-21831 SUSE : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Tumbleweed An update that solves on...
[SECURITY] [DSA 5372-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5372-1 [email protected] https://www.debian.org/security/ Aron Xu March 13, 2023 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
SUSE CVE-2022-21831
A code injection vulnerability exists in the Active Storage = v5.2.0 that could allow an attacker to execute code via imageprocessing arguments...
Security Bulletin: A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management [CVE-2022-21831]
Summary A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management CVE-2022-21831 Vulnerability Details CVEID:CVE-2022-21831 DESCRIPTION: Ruby on Rails Active Storage module could allow a remote attacker to execute arbitrary code on the...
Internet Bug Bounty: CVE-2022-21831: Possible code injection vulnerability in Rails / Active Storage
Original report: https://hackerone.com/reports/1154034 Rails advisory: https://discuss.rubyonrails.org/t/cve-2022-21831-possible-code-injection-vulnerability-in-rails-active-storage/80199 Blogpost:...
CVE-2022-21831
CVE-2022-21831 affects Ruby on Rails’ Active Storage (Rails >= 5.2.0). The vulnerability arises from a code-injection in the image_processing backend (mini_magick), allowing remote code execution via crafted image_processing arguments. Impact is High (CVE describes RCE; CVSSv3.1 base score 9.8...