Skip to main content

Paperclip

2 CVEs product

Monthly

CVE-2017-0889 Ruby CRITICAL PATCH Act Now

Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Paperclip
NVD GitHub
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-2963 Ruby MEDIUM POC PATCH This Month

The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Paperclip
NVD GitHub
CVSS 2.0
4.3
EPSS
0.5%
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Paperclip
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Paperclip
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy