2 matches found
thoughtbot Paperclip ruby gem server-side request forgery vulnerability
The thoughtbot Paperclip ruby gem is an open source Ruby-based file attachment manager from thoughtbot, USA. A server-side request forgery vulnerability exists in the Paperclip::UriAdapter class in the thoughtbot Paperclip ruby gem 3.1.4 and later versions. An attacker can exploit this...
Server-Side Request Forgery (SSRF)
paperclip is vulnerable to server-side request forgery SSRF attacks. The application automatically loads URLs passed to the URI adapter, allowing a malicious user to pass malicious URLs to the application to gain access to sensitive information such as server configuration...