Sha256: 50df027678ca4825f85c41e48fb016ff0cfb375b197c5b4593bf46f50ef7dd3a

Contents?: true

Size: 552 Bytes

Versions: 6

Compression:

Stored size: 552 Bytes

Contents

---
gem: paperclip
cve: 2015-2963
url: https://robots.thoughtbot.com/paperclip-security-release
title: |
  Paperclip Gem for Ruby vulnerable to content type spoofing
date: 2015-06-05
description: |
  There is an issue where if an HTML file is uploaded with a .html
  extension, but the content type is listed as being `image/jpeg`, this
  will bypass a validation checking for images. But it will also pass the
  spoof check, because a file named .html and containing actual HTML
  passes the spoof check.
cvss_v2: 4.3
patched_versions:
  - ">= 4.2.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                 Path
bundler-audit-0.7.0.1   data/ruby-advisory-db/gems/paperclip/CVE-2015-2963.yml
bundler-budit-0.6.2     data/ruby-advisory-db/gems/paperclip/CVE-2015-2963.yml
bundler-budit-0.6.1     data/ruby-advisory-db/gems/paperclip/CVE-2015-2963.yml
bundler-audit-0.6.1     data/ruby-advisory-db/gems/paperclip/CVE-2015-2963.yml
bundler-audit-0.6.0     data/ruby-advisory-db/gems/paperclip/CVE-2015-2963.yml
bundler-audit-0.5.0     data/ruby-advisory-db/gems/paperclip/CVE-2015-2963.yml