CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.
CVE-2023-49090 - Medium Severity Vulnerability
Vulnerable Library - carrierwave-1.2.3.gem
Upload files in your Ruby applications, map them to a range of ORMs, store them on different backends.
Library home page: https://rubygems.org/gems/carrierwave-1.2.3.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy: - :x: **carrierwave-1.2.3.gem** (Vulnerable Library)
Found in base branch: master
Vulnerability Details
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.
Publish Date: 2023-11-29
URL: CVE-2023-49090
CVSS 3 Score Details (6.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: carrierwave
Release Date: 2023-11-29
Fix Resolution: carrierwave - 2.2.5,3.0.5
Step up your Open Source Security Game with Mend here