Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/carrierwave@0.10.0

Type gem

Namespace

Name carrierwave

Version 0.10.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.2.7

Latest_non_vulnerable_version 3.1.3

Affected_by_vulnerabilities

url VCID-8qcp-bmgq-wye6

vulnerability_id VCID-8qcp-bmgq-wye6

summary

Code Injection vulnerability in CarrierWave::RMagick
### Impact
[CarrierWave::RMagick](https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/processing/rmagick.rb)
has a Code Injection vulnerability. Its `#manipulate!` method inappropriately evals the content of mutation
option(`:read`/`:write`), allowing attackers to craft a string that can be executed as a Ruby code.
If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE).

(But supplying untrusted input to the option itself is dangerous even in absence of this vulnerability, since is prone to
DoS vulnerability - attackers can try to consume massive amounts of memory by resizing to a very large dimension)

### Proof of Concept
```ruby
class MyUploader < CarrierWave::Uploader::Base
  include CarrierWave::RMagick
end

MyUploader.new.manipulate!({ read: { density: "1 }; p 'Hacked'; {" }}) # => shows "Hacked"
```

### Patches
Upgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or
[1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2).

### Workarounds
Stop supplying untrusted input to `#manipulate!`'s mutation option.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21305

reference_id

reference_type

scores

value	0.0282
scoring_system	epss
scoring_elements	0.86425
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21305

reference_url

https://github.com/carrierwaveuploader/carrierwave

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave

reference_url

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08

reference_url

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08

reference_url

https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7

reference_url

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2021-21305.yml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2021-21305.yml

reference_url

https://rubygems.org/gems/carrierwave

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/carrierwave

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982551
reference_id	982551
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982551

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21305

reference_id

CVE-2021-21305

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21305

fixed_packages

url pkg:gem/carrierwave@1.3.2

purl pkg:gem/carrierwave@1.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hway-mr71-cqgj

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@1.3.2

url pkg:gem/carrierwave@2.0.0.rc

purl pkg:gem/carrierwave@2.0.0.rc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hway-mr71-cqgj

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.0.0.rc

url pkg:gem/carrierwave@2.1.1

purl pkg:gem/carrierwave@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hway-mr71-cqgj

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.1.1

aliases CVE-2021-21305, GHSA-cf3w-g86h-35x4

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qcp-bmgq-wye6

url VCID-gfzv-e2cs-c3dz

vulnerability_id VCID-gfzv-e2cs-c3dz

summary

Server-side request forgery in CarrierWave
### Impact
[CarrierWave download feature](https://github.com/carrierwaveuploader/carrierwave#uploading-files-from-a-remote-location
has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use
and gather information about the Intranet infrastructure of the platform.

### Patches
Upgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or
[1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2).

### Workarounds
Using proper network segmentation and applying the principle of least privilege to outbound connections from application
servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server
without access to any internal network resources or cloud metadata access.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21288

reference_id

reference_type

scores

value	0.002
scoring_system	epss
scoring_elements	0.41973
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21288

reference_url

https://github.com/carrierwaveuploader/carrierwave

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave

reference_url

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08

reference_url

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08

reference_url

https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0

reference_url

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2021-21288.yml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2021-21288.yml

reference_url

https://rubygems.org/gems/carrierwave

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/carrierwave

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982552
reference_id	982552
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982552

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21288

reference_id

CVE-2021-21288

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21288

fixed_packages

url pkg:gem/carrierwave@1.3.2

purl pkg:gem/carrierwave@1.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hway-mr71-cqgj

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@1.3.2

url pkg:gem/carrierwave@2.0.0.rc

purl pkg:gem/carrierwave@2.0.0.rc

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hway-mr71-cqgj

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.0.0.rc

url pkg:gem/carrierwave@2.1.1

purl pkg:gem/carrierwave@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hway-mr71-cqgj

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.1.1

aliases CVE-2021-21288, GHSA-fwcm-636p-68r5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfzv-e2cs-c3dz

url VCID-hway-mr71-cqgj

vulnerability_id VCID-hway-mr71-cqgj

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.

references

reference_url

https://github.com/carrierwaveuploader/carrierwave

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave

reference_url

https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/uploader/content_type_allowlist.rb

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/uploader/content_type_allowlist.rb

reference_url

https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d3381ce8a837840f983b5

reference_url

https://github.com/carrierwaveuploader/carrierwave/commit/863d425c76eba12c3294227b39018f6b2dccbbf3

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/commit/863d425c76eba12c3294227b39018f6b2dccbbf3

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2023-49090.yml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2023-49090.yml

reference_url

https://rubygems.org/gems/carrierwave/versions/2.2.5

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/carrierwave/versions/2.2.5

reference_url

https://rubygems.org/gems/carrierwave/versions/3.0.5

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/carrierwave/versions/3.0.5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068150
reference_id	1068150
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068150

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-49090

reference_id

CVE-2023-49090

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-49090

reference_url	https://github.com/advisories/GHSA-gxhx-g4fq-49hj
reference_id	GHSA-gxhx-g4fq-49hj
reference_type
scores
url	https://github.com/advisories/GHSA-gxhx-g4fq-49hj

reference_url

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj

reference_id

GHSA-gxhx-g4fq-49hj

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj

fixed_packages

url pkg:gem/carrierwave@2.2.5

purl pkg:gem/carrierwave@2.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.2.5

url pkg:gem/carrierwave@3.0.5

purl pkg:gem/carrierwave@3.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@3.0.5

aliases CVE-2023-49090, GHSA-gxhx-g4fq-49hj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hway-mr71-cqgj

url VCID-phc1-hxmj-4qdw

vulnerability_id VCID-phc1-hxmj-4qdw

summary

CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
The vulnerability [CVE-2023-49090](https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhx-g4fq-49hj) wasn't fully addressed.

This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas.

This bypassed value can be used to cause XSS.

references

reference_url

https://github.com/carrierwaveuploader/carrierwave

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave

reference_url

https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2024-29034.yml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2024-29034.yml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-29034

reference_id

CVE-2024-29034

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-29034

reference_url	https://github.com/advisories/GHSA-vfmv-jfc5-pjjw
reference_id	GHSA-vfmv-jfc5-pjjw
reference_type
scores
url	https://github.com/advisories/GHSA-vfmv-jfc5-pjjw

reference_url

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw

reference_id

GHSA-vfmv-jfc5-pjjw

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw

fixed_packages

url pkg:gem/carrierwave@2.2.6

purl pkg:gem/carrierwave@2.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.2.6

url pkg:gem/carrierwave@3.0.7

purl pkg:gem/carrierwave@3.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@3.0.7

aliases CVE-2024-29034, GHSA-vfmv-jfc5-pjjw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phc1-hxmj-4qdw

url VCID-vgrv-3ab7-sqfx

vulnerability_id VCID-vgrv-3ab7-sqfx

summary This package is vulnerable to Information Exposure. When an exception message occurs, it contains the full path of the project directory.

references

reference_url	https://github.com/carrierwaveuploader/carrierwave/commit/96314bb42c32d6b24278474e1c877b53a88bfaf8
reference_id
reference_type
scores
url	https://github.com/carrierwaveuploader/carrierwave/commit/96314bb42c32d6b24278474e1c877b53a88bfaf8

reference_url	https://github.com/carrierwaveuploader/carrierwave/pull/1361
reference_id
reference_type
scores
url	https://github.com/carrierwaveuploader/carrierwave/pull/1361

fixed_packages

url pkg:gem/carrierwave@1.0.0.beta

purl pkg:gem/carrierwave@1.0.0.beta

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8qcp-bmgq-wye6

vulnerability	VCID-gfzv-e2cs-c3dz

vulnerability	VCID-hway-mr71-cqgj

vulnerability	VCID-phc1-hxmj-4qdw

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@1.0.0.beta

aliases GMS-2014-3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgrv-3ab7-sqfx

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@0.10.0

Package Instance