pkg:gem/carrierwave
Type: gem
Name: carrierwave
Known advisories, vulnerabilities and fixes for the carrierwave package.
- Repository: https://rubygems.org/gems/carrierwave
- High: 1
- Medium: 3

Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 2.1.1 | | CVE-2021-21288 | RUBYSEC:CARRIERWAVE-2021-21288 | Server-side request forgery in CarrierWave | medium | 2021-02-08T00:00:00 (3 years ago) |
Fixed | = 1.3.2 >= 2.1.1 | | CVE-2021-21288 | RUBYSEC:CARRIERWAVE-2021-21288 | Server-side request forgery in CarrierWave | medium | 2021-02-08T00:00:00 (3 years ago) |
Affected | < 2.1.1 | | CVE-2021-21305 | RUBYSEC:CARRIERWAVE-2021-21305 | Code Injection vulnerability in CarrierWave::RMagick | high | 2021-02-08T00:00:00 (3 years ago) |
Fixed | = 1.3.2 >= 2.1.1 | | CVE-2021-21305 | RUBYSEC:CARRIERWAVE-2021-21305 | Code Injection vulnerability in CarrierWave::RMagick | high | 2021-02-08T00:00:00 (3 years ago) |
Affected | < 3.0.5 | | CVE-2023-49090 | RUBYSEC:CARRIERWAVE-2023-49090 | CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS | medium | 2023-11-29T00:00:00 (9 months ago) |
Fixed | = 2.2.5 >= 3.0.5 | | CVE-2023-49090 | RUBYSEC:CARRIERWAVE-2023-49090 | CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS | medium | 2023-11-29T00:00:00 (9 months ago) |
Affected | < 3.0.7 | | CVE-2024-29034 | RUBYSEC:CARRIERWAVE-2024-29034 | CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained | medium | 2024-03-25T00:00:00 (5 months ago) |
Fixed | = 2.2.6 >= 3.0.7 | | CVE-2024-29034 | RUBYSEC:CARRIERWAVE-2024-29034 | CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained | medium | 2024-03-25T00:00:00 (5 months ago) |