- Description
- CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed: when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value containing multiple comma-separated values, which passes `content_type_allowlist` but is interpreted by browsers as a type the allowlist does not permit. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- carrierwave
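As an added defensive illustration, not CarrierWave's own code, the check below refuses a Content-Type header that carries comma-separated values, shown beside a loose substring match of the kind such a header slips past; the allowlist, token pattern and sample headers are constructed for the example.

```ruby
# Added example (not CarrierWave's code): strict vs. loose Content-Type
# allowlist checks for the multi-value header described in the advisory.
MEDIA_TYPE_ALLOWLIST = %w[image/png image/jpeg image/gif].freeze

# Characters permitted in an HTTP token (type and subtype names).
TOKEN = /\A[A-Za-z0-9!#%&'*+.^_`|~$-]+\z/

# Loose check, constructed to show the failure mode: a substring match
# accepts "image/png, text/html" because the first value is allowlisted.
def loose_allowed?(content_type)
  MEDIA_TYPE_ALLOWLIST.any? { |ok| content_type.to_s.include?(ok) }
end

# Strict check: exactly one media type, no list separators, and an exact
# allowlist match after normalisation.
def strict_allowed?(content_type)
  return false if content_type.nil?
  value = content_type.strip
  # A comma means the header is a list of values; reject it outright
  # rather than trusting whichever entry a given parser happens to pick.
  return false if value.include?(',')
  # Drop parameters such as "; charset=binary" before comparing the type.
  media_type = value.split(';', 2).first.strip.downcase
  type, subtype, extra = media_type.split('/', 3)
  return false if extra || type.nil? || subtype.nil?
  return false unless type.match?(TOKEN) && subtype.match?(TOKEN)
  MEDIA_TYPE_ALLOWLIST.include?(media_type)
end

# Constructed sample headers, with both verdicts side by side.
SAMPLE_HEADERS = [
  'image/png',
  'IMAGE/PNG; charset=binary',
  'image/png, text/html',
  'image/png,text/html',
  'text/html'
].freeze

def compare_checks
  SAMPLE_HEADERS.map { |h| [h, loose_allowed?(h), strict_allowed?(h)] }
end

if __FILE__ == $PROGRAM_NAME
  compare_checks.each do |h, loose, strict|
    puts "#{h.inspect}: loose=#{loose} strict=#{strict}"
  end
end
```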
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:carrierwave_project:carrierwave:*:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "CEE8AA28-CB1B-4F9B-85EF-023D7E858C19",
"versionEndExcluding": "2.2.6"
},
{
"criteria": "cpe:2.3:a:carrierwave_project:carrierwave:*:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "F1B63FCD-0BE2-41EC-A0E3-13FE2ED9513C",
"versionEndExcluding": "3.0.7",
"versionStartIncluding": "3.0.0"
}
],
"operator": "OR"
}
]
}
]