VulnerableCode Package Details - pkg:gem/paperclip@4.2.4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/paperclip@4.2.4

Essentials
History (2)

purl	pkg:gem/paperclip@4.2.4

Next non-vulnerable version	5.2.0
Latest non-vulnerable version	5.2.0
Risk	4.5

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-7u74-jkq2-pygf Aliases: GMS-2015-32	It's possible to cause a DoS by uploading files with a spoofed media type, because it causes megabytes of logging to be written.	4.3.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-b6da-ujn4-7ya4 Aliases: CVE-2017-0889 GHSA-5jcf-c5rg-rmm8	Paperclip suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the `Paperclip::UriAdapter` class. Attackers may be able to access information about internal network resources.	5.2.0 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T20:10:10.195054+00:00	GitLab Importer	Affected by	VCID-b6da-ujn4-7ya4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/paperclip/CVE-2017-0889.yml	38.6.0
2026-06-04T20:05:04.559028+00:00	GitLab Importer	Affected by	VCID-7u74-jkq2-pygf	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/paperclip/GMS-2015-32.yml	38.6.0