Critical severity9.8NVD Advisory· Published Nov 13, 2017· Updated Jun 17, 2026
CVE-2017-0889
CVE-2017-0889
Description
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
paperclipRubyGems | >= 3.1.4, < 5.2.0 | 5.2.0 |
Affected products
3- thoughtbot/paperclip ruby gemv5Range: All versions since 3.1.4
Patches
Vulnerability mechanics
References
6- github.com/thoughtbot/paperclip/pull/2435nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-5jcf-c5rg-rmm8ghsaADVISORY
- hackerone.com/reports/713nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-0889ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/paperclip/CVE-2017-0889.ymlghsaWEB
- hackerone.com/reports/209430nvdPermissions RequiredWEB
News mentions
0No linked articles in our index yet.