Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
thoughtbot paperclip gem for Ruby 跨站脚本漏洞
Vulnerability Description
thoughtbot paperclip gem for Ruby是软件开发者Jon Yurek所研发的一个Active Record的Ruby文件附件管理库,它的主要作用是被Active Record调用。 thoughtbot paperclip gem for Ruby 4.2.2之前版本中存在安全漏洞,该漏洞源于程序在media-type验证期间没有正确处理‘content-type’值。远程攻击者可借助伪造的值利用该漏洞上传任意HTML文档,实施跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A