4 matches found

EUVD
added 2026/01/30 8:11 p.m. | 6 views

EUVD-2025-29509

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

CVSS 9.2 | AI score 6.2 | EPSS 0.00178
Exploits: 0 | References: 7
Tenable Nessus
added 2025/10/09 12:0 a.m. | 3 views

Fedora 44 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2025-6e5c27d218)

The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-6e5c27d218 advisory. Update to Ruby on Rails 8.0.3. Fix CVE-2025-24293: Active Storage allowed transformation methods potentially unsafe. Fix CVE-2025-55193: ANSI escape...

CVSS 9.2 | AI score 8.5 | EPSS 0.00346
Exploits: 0 | References: 3
RedhatCVE
added 2022/03/16 1:57 p.m. | 45 views

CVE-2022-21831

A flaw was found in the Active Storage module of Rails, where the transformation method or its arguments for imageprocessing are not trusted arbitrary input. This flaw allows an attacker to inject code in Rails. Mitigation: To work around this issue, applications should implement a strict allow-li...

CVSS 9.8 | AI score 9.2 | EPSS 0.0142
Exploits: 0 | References: 4
Github Security Blog
added 2022/03/08 9:25 p.m. | 46 views

Possible code injection vulnerability in Rails / Active Storage

The Active Storage module of Rails starting with version 5.2.0 is possibly vulnerable to code injection. This issue was patched in versions 5.2.6.3, 6.0.4.7, 6.1.4.7, and 7.0.2.3. To work around this issue, applications should implement a strict allow-list on accepted transformation methods or...

CVSS 9.8 | AI score 3.1 | EPSS 0.0142
Exploits: 0 | References: 9 | Affected Software: 1