Count: 2
CVE-2015-2963
more than 10 years ago
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
CVSS2: 4.3
EPSS: Low
GHSA-6jvm-3j5h-79f6
more than 8 years ago
paperclip Cross-site Scripting vulnerability
EPSS: Low
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2015-2963 The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg. | CVSS2: 4.3 | 0% Low | more than 10 years ago |
| GHSA-6jvm-3j5h-79f6 paperclip Cross-site Scripting vulnerability | | 0% Low | more than 8 years ago |