VYPR
Vendor

Thoughtbot

Products
4
CVEs
5
Across products
5
Status
Private

Products

4

Recent CVEs

5
  • CVE-2017-0889CriNov 13, 2017
    risk 0.64cvss 9.8epss 0.03

    Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

  • CVE-2021-23435Sep 12, 2021
    risk 0.00cvss epss 0.01

    This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external…

  • CVE-2020-5257Mar 13, 2020
    risk 0.00cvss epss 0.01

    In Administrate (rubygem) before version 0.13.0, when sorting by attributes on a dashboard, the direction parameter was not validated before being interpolated into the SQL query. This could present a SQL injection if the attacker were able to modify the `direction` parameter…

  • CVE-2015-2963Jul 10, 2015
    risk 0.00cvss epss 0.02

    The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.

  • CVE-2013-4457Nov 2, 2013
    risk 0.00cvss epss 0.01

    The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.