Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2022-21831
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
| Software | From | Fixed in |
|---|---|---|
| rubyonrails / active_storage | 7.0.0 | 7.0.2.3 |
| rubyonrails / active_storage | 6.1.0 | 6.1.4.7 |
| rubyonrails / active_storage | 6.0.0 | 6.0.4.7 |
| rubyonrails / active_storage | 5.2.0 | 5.2.6.3 |
| debian / debian_linux | 10.0 | 10.0.x |
activestorage
|
5.2.0 | 5.2.6.3 |
|
activestorage
|
6.0.0 | 6.0.4.7 |
|
activestorage
|
6.1.0 | 6.1.4.7 |
|
activestorage
|
7.0.0 | 7.0.2.3 |
- https://github.com/advisories/GHSA-w749-p3v6-hccq
- https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2022-21831.yml
- https://groups.google.com/g/rubyonrails-security/c/n-p-W1yxatI
- https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
- https://rubysec.com/advisories/CVE-2022-21831/
- https://security.netapp.com/advisory/ntap-20221118-0001/
- https://www.debian.org/security/2023/dsa-5372