VYPR

Paperclip

by Thoughtbot

gem: paperclip

CVEs (2)

  • CVE-2017-0889 (Critical), published Nov 13, 2017
    risk 0.64, CVSS 9.8, EPSS 0.03

    Paperclip Ruby gem versions 3.1.4 and later suffer from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class: the server fetches whatever URL it is handed for an attachment, so an attacker who controls that URL may be able to reach, and learn about, internal network resources.

  • CVE-2015-2963, published Jul 10, 2015
    risk 0.00, CVSS not listed, EPSS 0.02

    The thoughtbot paperclip gem before 4.2.2 for Ruby does not take the content-type value into account during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed content-type value such as image/jpeg.
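The SSRF in CVE-2017-0889 is the generic remote-fetch problem: an attachment URL supplied by a user is resolved and fetched by the application server, which sits inside the network perimeter. Upstream's remediation was to make the URI adapters opt-in rather than registered by default, so the first check is whether an application registers `Paperclip::UriAdapter` at all. If it does, the URL still has to be vetted before the adapter sees it. The guard below is an added example written for this page, not code from Paperclip or thoughtbot; the module name `AttachmentUrlGuard`, the `resolver:` injection point and the blocked-range list are this example's own choices.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Added example, not Paperclip code: vet a user-supplied URL before any
# remote-fetching adapter (Paperclip::UriAdapter, or your own) sees it.
module AttachmentUrlGuard
  ALLOWED_SCHEMES = %w[http https].freeze

  # Destinations a server must never be steered into fetching from:
  # loopback, RFC 1918, CGNAT, link-local (includes 169.254.169.254 cloud
  # metadata), multicast/reserved, and their IPv6 equivalents.
  BLOCKED_RANGES = %w[
    0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
    172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
    ::/128 ::1/128 fc00::/7 fe80::/10
  ].map { |cidr| IPAddr.new(cidr) }.freeze

  # Hostnames must look like DNS names: only these characters and at least
  # one letter, so "2130706433" or "0177.0.0.1" cannot slip through as a
  # "name" that the socket layer would later interpret as 127.0.0.1.
  DNS_NAME = /\A(?=.*[a-z])[a-z0-9.-]+\z/i

  class Rejected < StandardError; end
  Vetted = Struct.new(:uri, :addresses)

  # Returns Vetted(uri, addresses) when safe; raises Rejected otherwise.
  # `resolver` maps a hostname to its address strings; it is injectable so
  # the check can run without live DNS (the default uses Resolv).
  def self.check(url, resolver: ->(host) { Resolv.getaddresses(host) })
    uri = URI.parse(url.to_s)
    raise Rejected, "scheme #{uri.scheme.inspect} not allowed" unless ALLOWED_SCHEMES.include?(uri.scheme)
    raise Rejected, "userinfo not allowed" if uri.userinfo

    host = uri.hostname.to_s # URI#hostname strips IPv6 brackets
    raise Rejected, "missing host" if host.empty?

    addresses =
      if ip_literal?(host)
        ip = IPAddr.new(host)
        # "0177.0.0.1" must not be read as 177.0.0.1 here and 127.0.0.1 by inet_aton later.
        raise Rejected, "non-canonical IPv4 literal #{host.inspect}" if ip.ipv4? && ip.to_s != host
        [ip.to_s]
      elsif DNS_NAME.match?(host)
        Array(resolver.call(host))
      else
        raise Rejected, "host #{host.inspect} is neither an IP literal nor a DNS name"
      end
    raise Rejected, "host does not resolve" if addresses.empty?

    # Every address must be acceptable: an attacker-controlled name can
    # publish one public record and one internal one.
    addresses.each do |addr|
      ip = IPAddr.new(addr)
      ip = ip.native if ip.ipv4_mapped? # ::ffff:10.0.0.1 is still 10.0.0.1
      if BLOCKED_RANGES.any? { |range| range.include?(ip) }
        raise Rejected, "#{host} resolves to blocked address #{ip}"
      end
    end

    Vetted.new(uri, addresses)
  rescue URI::InvalidURIError, IPAddr::InvalidAddressError => e
    raise Rejected, "unparseable URL or address: #{e.message}"
  end

  def self.safe?(url, **opts)
    check(url, **opts)
    true
  rescue Rejected
    false
  end

  def self.ip_literal?(host)
    IPAddr.new(host)
    true
  rescue ArgumentError # IPAddr::InvalidAddressError < ArgumentError
    false
  end
end
```

The vetting is only as good as the connection that follows it. A name can be re-resolved between the check and the fetch (DNS rebinding), so connect to the vetted address rather than the name (with Net::HTTP, `http.ipaddr = vetted.addresses.first` while keeping the hostname for the Host header and TLS SNI), and re-run `check` on every redirect `Location` instead of letting the client follow it.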
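The root cause behind CVE-2015-2963 is that the content-type sent with a multipart upload is chosen by the client, so a validation that only compares the declared value against an allow-list accepts an HTML file that claims to be image/jpeg. Paperclip's own later approach combines `validates_attachment_content_type` with a spoof detector that shells out to file(1). The check below is an added example written for this page, not Paperclip's detector: it sniffs a few known image signatures in pure Ruby, compares the result with the declared type, and additionally flags polyglots, which a signature match alone would pass. `MediaTypeSpoofCheck`, its signature table and the `:ok`/`:spoofed`/`:not_allowed`/`:polyglot` verdicts are this example's own.

```ruby
# Added example, not Paperclip code: decide what an upload *is* from its
# bytes, then compare that with what the client *claimed*. The declared
# Content-Type is attacker-controlled and is never trusted on its own.
module MediaTypeSpoofCheck
  # Leading byte signatures for the image types this example accepts.
  SIGNATURES = {
    "image/jpeg" => ["\xFF\xD8\xFF".b],
    "image/png"  => ["\x89PNG\r\n\x1A\n".b],
    "image/gif"  => ["GIF87a".b, "GIF89a".b],
  }.freeze

  # A file beginning with one of these is a document, whatever it is called.
  HTML_START = /\A<(!doctype|html|script|svg|\?xml)/in

  # Markup anywhere in the leading region marks a polyglot: a valid image
  # that a browser would also execute if it were ever served as text/html.
  MARKUP_ANYWHERE = /<(!doctype|html|script|svg|iframe|body)\b/in
  POLYGLOT_SCAN_BYTES = 64 * 1024

  # Content-sniff the first bytes; returns a media type string.
  def self.sniff(bytes)
    head = bytes.b[0, 16]
    SIGNATURES.each do |type, sigs|
      return type if sigs.any? { |sig| head.start_with?(sig) }
    end
    text = head.delete_prefix("\xEF\xBB\xBF".b).lstrip # skip a UTF-8 BOM
    return "text/html" if HTML_START.match?(text)
    "application/octet-stream"
  end

  # Strip parameters and case: "Image/JPEG; charset=binary" -> "image/jpeg".
  def self.normalize(content_type)
    content_type.to_s.split(";").first.to_s.strip.downcase
  end

  # :ok, :spoofed (claim disagrees with bytes), :not_allowed (sniffed type is
  # outside the allow-list) or :polyglot (allowed image that also carries markup).
  def self.verdict(declared, bytes, allowed: SIGNATURES.keys)
    actual = sniff(bytes)
    return :spoofed     unless actual == normalize(declared)
    return :not_allowed unless allowed.include?(actual)
    return :polyglot    if MARKUP_ANYWHERE.match?(bytes.b[0, POLYGLOT_SCAN_BYTES])
    :ok
  end
end
```

Sniffing decides whether to store the file; it does not make serving it safe. Anything user-uploaded should still go out with `X-Content-Type-Options: nosniff`, a `Content-Disposition: attachment` where inline display is not required, and ideally from a separate origin, so that a polyglot the sniffer misses cannot run script in the application's origin.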