CVE-2015-2784 (papercrop): papercrop does not properly handle crop input

May 24th, 2022

papercrop does not properly handle crop input

Published: May 24, 2022

CVE: CVE-2015-2784 (NVD)
GHSA: GHSA-m44r-gv6q-9j9r
Vendor Advisory: https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579

CVSS v3.x: 9.8 (Critical)

>= 0.3.0

The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input.