Critical severityNVD Advisory· Published May 26, 2022· Updated Aug 3, 2024
CVE-2022-21831
CVE-2022-21831
Description
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
activestorageRubyGems | >= 5.2.0, < 5.2.6.3 | 5.2.6.3 |
activestorageRubyGems | >= 6.0.0, < 6.0.4.7 | 6.0.4.7 |
activestorageRubyGems | >= 6.1.0, < 6.1.4.7 | 6.1.4.7 |
activestorageRubyGems | >= 7.0.0, < 7.0.2.3 | 7.0.2.3 |
Affected products
4- Active Storage/Active Storagedescription
- ghsa-coords3 versionspkg:gem/activestoragepkg:rpm/opensuse/ruby3.2-rubygem-activestorage-7.0&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-activestorage-7.0&distro=openSUSE%20Tumbleweed
>= 5.2.0, < 5.2.6.3+ 2 more
- (no CPE)range: >= 5.2.0, < 5.2.6.3
- (no CPE)range: < 7.0.4.3-1.1
- (no CPE)range: < 7.0.2.3-1.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-w749-p3v6-hccqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-21831ghsaADVISORY
- www.debian.org/security/2023/dsa-5372ghsavendor-advisoryWEB
- github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546eghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.ymlghsaWEB
- groups.google.com/g/rubyonrails-security/c/n-p-W1yxatIghsaWEB
- lists.debian.org/debian-lts-announce/2022/09/msg00002.htmlghsamailing-listWEB
- rubysec.com/advisories/CVE-2022-21831ghsaWEB
- security.netapp.com/advisory/ntap-20221118-0001ghsaWEB
- security.netapp.com/advisory/ntap-20221118-0001/mitre
News mentions
0No linked articles in our index yet.