Lucene search
K

7 matches found

Veracode
Veracode
added 2026/03/28 5:29 a.m.9 views

Improper Input Validation

activestorage is vulnerable to Improper Input Validation. The vulnerability is due to unescaped use of blob keys in Dir.glob within DiskServicedeleteprefixed, which allows an attacker to inject glob metacharacters and delete unintended files from the storage directory...

9.1CVSS5.9AI score0.00646EPSS
Exploits0References7Affected Software2
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.6 views

SUSE CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

9.1CVSS5.8AI score0.00646EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's...

9.1CVSS5.8AI score0.00646EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 12:16 a.m.2 views

CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

9.1CVSS0.00646EPSS
Exploits0References7
OSV
OSV
added 2026/03/24 12:16 a.m.4 views

UBUNTU-CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

9.1CVSS5.7AI score0.00646EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:34 p.m.2 views

CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

8.7CVSS5.8AI score0.00646EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/03/23 11:34 p.m.3 views

CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's DiskServicedeleteprefixed passes blob keys directly to Dir.glob without escaping glob metacharacters. If a blob key contains attacker-controlled inp...

9.1CVSS5.2AI score0.00646EPSS
Exploits0
Rows per page
Query Builder