Critical severity9.8NVD Advisory· Published Nov 13, 2017· Updated May 13, 2026
CVE-2017-0889
CVE-2017-0889
Description
Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
paperclipRubyGems | >= 3.1.4, < 5.2.0 | 5.2.0 |
Affected products
1- thoughtbot/paperclip ruby gemv5Range: All versions since 3.1.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/thoughtbot/paperclip/pull/2435nvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-5jcf-c5rg-rmm8ghsaADVISORY
- hackerone.com/reports/713nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-0889ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/paperclip/CVE-2017-0889.ymlghsaWEB
- hackerone.com/reports/209430nvdPermissions RequiredWEB
News mentions
0No linked articles in our index yet.