Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/camaleon_cms@2.8.3
purl pkg:gem/camaleon_cms@2.8.3
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-5gks-ge3p-tya5
Aliases:
CVE-2025-2304
GHSA-rp28-mvq3-wf8j
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the 'updated_ajax' method of the UsersController is called. The vulnerability stems from the use of the dangerous permit! method, which allows all parameters to pass through without any filtering.
2.9.1
Affected by 1 other vulnerability.
VCID-6vu4-jbn6-mqh9
Aliases:
CVE-2024-46986
GHSA-wmjg-vqhv-q5p5
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. There are no reported fixed by versions.
VCID-9wt5-cqus-d3bm
Aliases:
GHSA-75j2-9gmc-m855
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) There are no reported fixed by versions.
VCID-jcrg-ej53-zfeg
Aliases:
CVE-2026-1776
GHSA-jw5g-f64p-6x78
Camaleon CMS versions 2.4.5.0 through 2.9.0, prior to commit f54a77e, contain a path traversal vulnerability in the AWS S3 uploader implementation that allows authenticated users to read arbitrary files from the web server’s filesystem. The issue occurs in the download_private_file functionality when the application is configured to use the CamaleonCmsAwsUploader backend. Unlike the local uploader implementation, the AWS uploader does not validate file paths with valid_folder_path?, allowing directory traversal sequences to be supplied via the file parameter. As a result, any authenticated user, including low-privileged registered users, can access sensitive files such as /etc/passwd. This issue represents a bypass of the incomplete fix for CVE-2024-46987 and affects deployments using the AWS S3 storage backend. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T09:53:30.512806+00:00 GHSA Importer Affected by VCID-5gks-ge3p-tya5 https://github.com/advisories/GHSA-rp28-mvq3-wf8j 38.6.0
2026-06-13T09:27:42.581360+00:00 Ruby Importer Affected by VCID-jcrg-ej53-zfeg https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2026-1776.yml 38.6.0
2026-06-13T09:26:19.382317+00:00 Ruby Importer Affected by VCID-5gks-ge3p-tya5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2025-2304.yml 38.6.0
2026-06-13T09:25:18.473577+00:00 Ruby Importer Affected by VCID-9wt5-cqus-d3bm https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/GHSA-75j2-9gmc-m855.yml 38.6.0
2026-06-13T09:25:01.244434+00:00 Ruby Importer Affected by VCID-6vu4-jbn6-mqh9 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/camaleon_cms/CVE-2024-46986.yml 38.6.0
2026-06-12T21:21:24.619618+00:00 GitLab Importer Affected by VCID-jcrg-ej53-zfeg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2026-1776.yml 38.6.0
2026-06-12T19:54:55.148419+00:00 GitLab Importer Affected by VCID-5gks-ge3p-tya5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/camaleon_cms/CVE-2025-2304.yml 38.6.0