{"url":"http://public2.vulnerablecode.io/api/packages/390505?format=json","purl":"pkg:gem/carrierwave@0.2.3","type":"gem","namespace":"","name":"carrierwave","version":"0.2.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.2","latest_non_vulnerable_version":"3.1.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42939?format=json","vulnerability_id":"VCID-bzun-wcwd-83bp","summary":"Code Injection vulnerability in CarrierWave::RMagick\n### Impact\n[CarrierWave::RMagick](https://github.com/carrierwaveuploader/carrierwave/blob/master/lib/carrierwave/processing/rmagick.rb) has a Code Injection vulnerability. Its `#manipulate!` method inappropriately evals the content of mutation option(`:read`/`:write`), allowing attackers to craft a string that can be executed as a Ruby code.\nIf an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE).\n\n(But supplying untrusted input to the option itself is dangerous even in absence of this vulnerability, since is prone to DoS vulnerability - attackers can try to consume massive amounts of memory by resizing to a very large dimension)\n\n### Proof of Concept\n```ruby\nclass MyUploader < CarrierWave::Uploader::Base\n  include CarrierWave::RMagick\nend\n\nMyUploader.new.manipulate!({ read: { density: \"1 }; p 'Hacked'; {\" }}) # => shows \"Hacked\"\n```\n\n### Patches\nUpgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or [1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2).\n\n### Workarounds\nStop supplying untrusted input to `#manipulate!`'s mutation option.\n\n### References\n[Code Injection Software Attack](https://owasp.org/www-community/attacks/Code_Injection)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [CarrierWave repo](https://github.com/carrierwaveuploader/carrierwave)\n* Email me at [mit.shibuya@gmail.com](mailto:mit.shibuya@gmail.com)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21305","reference_id":"","reference_type":"","scores":[{"value":"0.0282","scoring_system":"epss","scoring_elements":"0.864","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21305"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2021-21305.yml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2021-21305.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21305","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21305"},{"reference_url":"https://rubygems.org/gems/carrierwave","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/carrierwave"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982551","reference_id":"982551","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982551"},{"reference_url":"https://usn.ubuntu.com/7497-1/","reference_id":"USN-7497-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7497-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77111?format=json","purl":"pkg:gem/carrierwave@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/471865?format=json","purl":"pkg:gem/carrierwave@2.0.0.rc","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.0.0.rc"},{"url":"http://public2.vulnerablecode.io/api/packages/77112?format=json","purl":"pkg:gem/carrierwave@2.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.1.1"}],"aliases":["CVE-2021-21305","GHSA-cf3w-g86h-35x4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzun-wcwd-83bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43020?format=json","vulnerability_id":"VCID-d1cu-qy8c-sya1","summary":"Server-side request forgery in CarrierWave\n### Impact\n[CarrierWave download feature](https://github.com/carrierwaveuploader/carrierwave#uploading-files-from-a-remote-location) has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform.\n\n### Patches\nUpgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or [1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2).\n\n### Workarounds\nUsing proper network segmentation and applying the principle of least privilege to outbound connections from application servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server without access to any internal network resources or cloud metadata access.\n\n### References\n[Server-Side Request Forgery Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [CarrierWave repo](https://github.com/carrierwaveuploader/carrierwave)\n* Email me at [mit.shibuya@gmail.com](mailto:mit.shibuya@gmail.com)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21288","reference_id":"","reference_type":"","scores":[{"value":"0.002","scoring_system":"epss","scoring_elements":"0.4198","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21288"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":""},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2021-21288.yml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/carrierwave/CVE-2021-21288.yml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21288","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21288"},{"reference_url":"https://rubygems.org/gems/carrierwave","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/carrierwave"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982552","reference_id":"982552","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982552"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77111?format=json","purl":"pkg:gem/carrierwave@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/471865?format=json","purl":"pkg:gem/carrierwave@2.0.0.rc","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.0.0.rc"},{"url":"http://public2.vulnerablecode.io/api/packages/77112?format=json","purl":"pkg:gem/carrierwave@2.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@2.1.1"}],"aliases":["CVE-2021-21288","GHSA-fwcm-636p-68r5"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1cu-qy8c-sya1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/114810?format=json","vulnerability_id":"VCID-tdqc-uqba-q3a5","summary":"This package is vulnerable to Information Exposure. When an exception message occurs, it contains the full path of the project directory.","references":[{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/commit/96314bb42c32d6b24278474e1c877b53a88bfaf8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/carrierwaveuploader/carrierwave/commit/96314bb42c32d6b24278474e1c877b53a88bfaf8"},{"reference_url":"https://github.com/carrierwaveuploader/carrierwave/pull/1361","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/carrierwaveuploader/carrierwave/pull/1361"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/367379?format=json","purl":"pkg:gem/carrierwave@1.0.0.beta","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-bzun-wcwd-83bp"},{"vulnerability":"VCID-d1cu-qy8c-sya1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@1.0.0.beta"}],"aliases":["GMS-2014-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdqc-uqba-q3a5"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/carrierwave@0.2.3"}