VYPR

RubyGems package

paperclip

pkg:gem/paperclip

Vulnerabilities (2)

  • CVE-2017-0889 (Critical) - Nov 13, 2017
    affected: >= 3.1.4, < 5.2.0; fixed in: 5.2.0

    Paperclip Ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

  • CVE-2015-2963 - Jul 10, 2015
    affected: < 4.2.2; fixed in: 4.2.2

    The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.