VYPR
Critical severity9.8NVD Advisory· Published Nov 13, 2017· Updated Jun 17, 2026

CVE-2017-0889

CVE-2017-0889

Description

Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
paperclipRubyGems
>= 3.1.4, < 5.2.05.2.0

Affected products

3
  • cpe:2.3:a:thoughtbot:paperclip:*:*:*:*:*:ruby:*:*
    Range: >=3.1.4,<5.2.0
  • ghsa-coords
    Range: >= 3.1.4, < 5.2.0
  • thoughtbot/paperclip ruby gemv5
    Range: All versions since 3.1.4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.