Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.9 views

CVE-2023-49090

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlistedcontenttype? determines Content-Type permissions by performing a partial match. If the...

6.8CVSS6.6AI score0.00613EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/05/07 12:0 a.m.5 views

Ubuntu: Security Advisory (USN-7497-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.1AI score0.12678EPSS
Exploits1References2
Snyk
Snyk
added 2024/03/24 7:42 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper handling of Content-Type headers when uploading to object storage, including Amazon S3. An attacker can bypass the contenttypeallowlist by providing multiple Content-Type values separated by...

6.8CVSS5.3AI score0.00613EPSS
Exploits0References2
Circl
Circl
added 2023/12/20 11:12 a.m.7 views

CVE-2023-49090

creationtimestamp| type| source ---|---|--- 2023-12-20 11:12:32+00:00| seen| https://t.me/ctinow/156873...

6.8CVSS6.2AI score0.00613EPSS
Exploits0References1
NVD
NVD
added 2023/11/29 3:15 p.m.40 views

CVE-2023-49090

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlistedcontenttype? determines Content-Type permissions by performing a partial match. If the...

6.8CVSS0.00613EPSS
Exploits0References3
CVE
CVE
added 2023/11/29 2:38 p.m.79 views

CVE-2023-49090

CarrierWave (Ruby/Rails file-upload library) contains a Content-Type allowlist bypass vulnerability (CVE-2023-49090). The issue arises because allowlisted_content_type? validates Content-Type via partial matching, enabling an attacker to craft content_type values that bypasses the allowlist, pote...

6.8CVSS6.1AI score0.00613EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder