Description
Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
Report
Red Hat CloudForms 4 shipped the vulnerable paperclip ruby gem; however, this ruby gem was removed in CloudForms 5.8. As this issue has been addressed in CloudForms 5.8, and the issue is only rated moderate, Red Hat Security will not be fixing this issue in CloudForms 5.7.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | paperclip | Will not fix | | |
Additional information
Status:
EPSS
4.3 Medium
CVSS3
Related vulnerabilities
Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
paperclip Server-Side Request Forgery vulnerability