1. Home
  2. Packages
  3. gem
  4. activestorage

pkg:gem/activestorage

Type gem
Name activestorage

Known advisories, vulnerabilities and fixes for activestorage package.

Repository
https://rubygems.org/gems/activestorage
Critical 1
High 1
Medium 2
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected < 5.2.1.1 = 5.2.0 CVE-2018-16477
rubysec RUBYSEC:ACTIVESTORAGE-2018-16477 Bypass vulnerability in Active Storage medium 2018-11-27T00:00:00
(5 years ago)
Fixed >= 5.2.1.1 CVE-2018-16477
rubysec RUBYSEC:ACTIVESTORAGE-2018-16477 Bypass vulnerability in Active Storage medium 2018-11-27T00:00:00
(5 years ago)
Unaffected < 5.2.0 CVE-2018-16477
rubysec RUBYSEC:ACTIVESTORAGE-2018-16477 Bypass vulnerability in Active Storage medium 2018-11-27T00:00:00
(5 years ago)
Affected < 5.2.4.3 < 6.0.3.1 CVE-2020-8162
rubysec RUBYSEC:ACTIVESTORAGE-2020-8162 Circumvention of file size limits in ActiveStorage high 2020-05-18T00:00:00
(4 years ago)
Fixed = 5.2.4 >= 5.2.4.3 >= 6.0.3.1 CVE-2020-8162
rubysec RUBYSEC:ACTIVESTORAGE-2020-8162 Circumvention of file size limits in ActiveStorage high 2020-05-18T00:00:00
(4 years ago)
Affected < 5.2.6.3 < 6.0.4.7 < 6.1.4.7 < 7.0.2.3 = 5.2.0 CVE-2022-21831
rubysec RUBYSEC:ACTIVESTORAGE-2022-21831 Possible code injection vulnerability in Rails / Active Storage critical 2022-03-08T00:00:00
(2 years ago)
Fixed = 5.2.6 >= 5.2.6.3 = 6.0.4 >= 6.0.4.7 = 6.1.4 >= 6.1.4.7 >= 7.0.2.3 CVE-2022-21831
rubysec RUBYSEC:ACTIVESTORAGE-2022-21831 Possible code injection vulnerability in Rails / Active Storage critical 2022-03-08T00:00:00
(2 years ago)
Unaffected < 5.2.0 CVE-2022-21831
rubysec RUBYSEC:ACTIVESTORAGE-2022-21831 Possible code injection vulnerability in Rails / Active Storage critical 2022-03-08T00:00:00
(2 years ago)
Affected < 6.1.7.7 < 7.0.8.1 = 5.2.0 CVE-2024-26144
rubysec RUBYSEC:ACTIVESTORAGE-2024-26144 Possible Sensitive Session Information Leak in Active Storage medium 2024-02-21T00:00:00
(7 months ago)
Fixed = 6.1.7 >= 6.1.7.7 >= 7.0.8.1 CVE-2024-26144
rubysec RUBYSEC:ACTIVESTORAGE-2024-26144 Possible Sensitive Session Information Leak in Active Storage medium 2024-02-21T00:00:00
(7 months ago)
Unaffected < 5.2.0 >= 7.1.0 CVE-2024-26144
rubysec RUBYSEC:ACTIVESTORAGE-2024-26144 Possible Sensitive Session Information Leak in Active Storage medium 2024-02-21T00:00:00
(7 months ago)