All 4 CVE vulnerabilities found in carrierwave, with AI-generated Chinese analysis, references, and POCs.
Vendor: carrierwaveuploader
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-29034 | CarrierWave's Content-Type allowlist bypass vulnerability which possibly leads to XSS remained CWE-436 | 6.8 | Medium | 2024-03-24 |
| CVE-2023-49090 | CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS CWE-79 | 6.8 | Medium | 2023-11-29 |
| CVE-2021-21305 | Code Injection vulnerability in CarrierWave CWE-74 | 7.4 | High | 2021-02-08 |
| CVE-2021-21288 | Server-side request forgery in CarrierWave CWE-918 | 4.3 | Medium | 2021-02-08 |
All 4 known CVE vulnerabilities affecting carrierwave with full Chinese analysis, references, and POCs where available.