Thoughtbot - Paperclip CVE

Filtered by vendor Thoughtbot Subscribe

Filtered by product Paperclip

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2015-2963	1 Thoughtbot	1 Paperclip	2016-12-03	4.3 MEDIUM	N/A
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.

Vulnerabilities (CVE)