Описание
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Permissions Required
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Permissions Required
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.1.4 (включая) до 5.2.0 (исключая)
cpe:2.3:a:thoughtbot:paperclip:*:*:*:*:*:ruby:*:*
EPSS
Процентиль: 57%
0.00344
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 4.3
redhat
почти 9 лет назад
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
CVSS3: 9.8
github
около 8 лет назад
paperclip Server-Side Request Forgery vulnerability
EPSS
Процентиль: 57%
0.00344
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-918
CWE-918