CVE-2022-21831

Опубликовано: 26 мая 2022

Источник: debian

EPSS Низкий

Описание

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Пакет	Статус	Версия исправления	Релиз	Тип
rails	fixed	2:6.1.4.7+dfsg-1		package

https://github.com/advisories/GHSA-w749-p3v6-hccq
https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (v6.1.4.7)
https://github.com/rails/rails/commit/92f64fec3136baabbebac97073c5213ea055dc53 (v6.0.4.7)
https://github.com/rails/rails/commit/94e2f00d2abedbea1ef62fc775d031ffda00662c (v5.2.6.3)

EPSS

Процентиль: 79%

0.01312

Низкий

CVE-2022-21831

CVSS3: 9.8

ubuntu

больше 3 лет назад

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

CVE-2022-21831

CVSS3: 9.8

redhat

почти 4 года назад

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

CVE-2022-21831

CVSS3: 9.8

nvd

больше 3 лет назад

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

GHSA-w749-p3v6-hccq

CVSS3: 9.8

github

почти 4 года назад

Possible code injection vulnerability in Rails / Active Storage

BDU:2022-01318

CVSS3: 9.8

fstec

почти 4 года назад

Уязвимость модуля Active Storage программной платформы Ruby on Rails, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 79%

0.01312

Низкий