Carrierwave Security Vulnerabilities and Issues — Carrierwave CVE List

Lucene search

Carrierwave ProjectCarrierwave

3 matches found

CVE•added 2021/02/08 8:15 p.m.•90 views

CVE-2021-21305

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write...

8.8CVSS8.2AI score0.03567EPSS

CVE•added 2021/02/08 8:15 p.m.•72 views

CVE-2021-21288

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for interna...

4.3CVSS4.7AI score0.002EPSS

CVE•added 2023/11/29 3:15 p.m.•62 views

CVE-2023-49090

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlisted_content_type? determines Content-Type permissions by performing a partial match. If the ...

6.8CVSS6.1AI score0.00139EPSS