carrierwave
RubyGems: 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting carrierwave (page 1 of 1)
- CVE-2021-21288 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 2.1.1 | 2021-02-08
vulnerable: 2.0.0, 2.0.1, 2.0.2, 2.1.0
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provi…
- CVE-2021-21305 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 2.1.1 | 2021-02-08
vulnerable: 2.0.0, 2.0.1, 2.0.2, 2.1.0
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inapp…
- CVE-2023-49090 | MEDIUM | CVSS 6.8 | EG 6.8 | ✓ Fixed in 2.2.5 | 2023-11-29
vulnerable: 0.1 ... 2.2.4 (69 versions)
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines C…
- CVE-2024-29034 | MEDIUM | CVSS 6.8 | EG 6.8 | ✓ Fixed in 2.2.6 | 2024-03-24
vulnerable: 0.1 ... 2.2.5 (70 versions)
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including…
Check whether carrierwave is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for carrierwave CVEs against the assets you own.