QID 996120
Date Published: 2023-11-30
QID 996120: Rubygems (Rubygems) Security Update for carrierwave (GHSA-gxhx-g4fq-49hj)
CarrierWave::Uploader::ContentTypeAllowlist has a Content-Type allowlist bypass vulnerability, possibly leading to XSS.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-gxhx-g4fq-49hj for updates and patch information.
Vendor References
- GHSA-gxhx-g4fq-49hj -
github.com/advisories/GHSA-gxhx-g4fq-49hj
CVEs related to QID 996120
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-gxhx-g4fq-49hj | carrierwave |
|