pkg:gem/carrierwave

Type gem
Name carrierwave

Known advisories, vulnerabilities and fixes for the carrierwave package.

Repository
https://rubygems.org/gems/carrierwave
High 1
Medium 3
| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 2.1.1 | | CVE-2021-21288 | rubysec RUBYSEC:CARRIERWAVE-2021-21288 | Server-side request forgery in CarrierWave | medium | 2021-02-08T00:00:00 (3 years ago) |
| Fixed | = 1.3.2 >= 2.1.1 | | CVE-2021-21288 | rubysec RUBYSEC:CARRIERWAVE-2021-21288 | Server-side request forgery in CarrierWave | medium | 2021-02-08T00:00:00 (3 years ago) |
| Affected | < 2.1.1 | | CVE-2021-21305 | rubysec RUBYSEC:CARRIERWAVE-2021-21305 | Code Injection vulnerability in CarrierWave::RMagick | high | 2021-02-08T00:00:00 (3 years ago) |
| Fixed | = 1.3.2 >= 2.1.1 | | CVE-2021-21305 | rubysec RUBYSEC:CARRIERWAVE-2021-21305 | Code Injection vulnerability in CarrierWave::RMagick | high | 2021-02-08T00:00:00 (3 years ago) |
| Affected | < 3.0.5 | | CVE-2023-49090 | rubysec RUBYSEC:CARRIERWAVE-2023-49090 | CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS | medium | 2023-11-29T00:00:00 (9 months ago) |
| Fixed | = 2.2.5 >= 3.0.5 | | CVE-2023-49090 | rubysec RUBYSEC:CARRIERWAVE-2023-49090 | CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS | medium | 2023-11-29T00:00:00 (9 months ago) |
| Affected | < 3.0.7 | | CVE-2024-29034 | rubysec RUBYSEC:CARRIERWAVE-2024-29034 | CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained | medium | 2024-03-25T00:00:00 (5 months ago) |
| Fixed | = 2.2.6 >= 3.0.7 | | CVE-2024-29034 | rubysec RUBYSEC:CARRIERWAVE-2024-29034 | CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained | medium | 2024-03-25T00:00:00 (5 months ago) |