ADVISORIES
GEM
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- >= 4.2.2
DESCRIPTION
If an HTML file is uploaded with a .html extension but its content type is
listed as image/jpeg, it bypasses a validation that checks for images. It
also passes the spoof check, because a file named .html and containing
actual HTML passes the spoof check: its name and its content agree with
each other.
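
The following Ruby sketch is an added illustration, not the gem's own code: it models the two checks described above to show why the HTML upload passes both, next to a stricter check that requires content, extension and declared type to agree. The helper names, type tables and sample uploads are constructed for this example.

```ruby
# Simplified model of the checks in this advisory (not the gem's code).
ALLOWED_IMAGE_TYPES = %w[image/jpeg image/png].freeze
EXTENSION_TYPES = {
  ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg", ".png" => "image/png",
  ".html" => "text/html", ".htm" => "text/html"
}.freeze

# declared_type is the client-supplied Content-Type of the upload.
Upload = Struct.new(:filename, :declared_type, :body)

def type_from_extension(filename)
  EXTENSION_TYPES.fetch(File.extname(filename).downcase, "application/octet-stream")
end

# Minimal sniffing by leading bytes (hypothetical helper for the example).
def type_from_content(body)
  bytes = body.b
  return "image/jpeg" if bytes.start_with?("\xFF\xD8\xFF".b)
  return "image/png"  if bytes.start_with?("\x89PNG\r\n\x1A\n".b)
  return "text/html"  if bytes.lstrip.match?(/\A<(!doctype html|html|head|body|script)/i)
  "application/octet-stream"
end

# Models the flaw: the image validation trusts the declared type, and the
# spoof check only compares the file extension with the file content.
def weak_accepts?(upload)
  ALLOWED_IMAGE_TYPES.include?(upload.declared_type) &&
    type_from_extension(upload.filename) == type_from_content(upload.body)
end

# Stricter check: the sniffed type must be an allowed image type, and the
# extension and the declared type must both agree with it.
def strict_accepts?(upload)
  sniffed = type_from_content(upload.body)
  ALLOWED_IMAGE_TYPES.include?(sniffed) &&
    type_from_extension(upload.filename) == sniffed &&
    upload.declared_type == sniffed
end

# Constructed sample uploads.
HTML_AS_JPEG = Upload.new("page.html", "image/jpeg", "<html><body>hi</body></html>")
REAL_JPEG    = Upload.new("photo.jpg", "image/jpeg", "\xFF\xD8\xFF\xE0\x00\x10JFIF".b)

puts "weak check accepts HTML declared as JPEG:   #{weak_accepts?(HTML_AS_JPEG)}"
puts "strict check accepts HTML declared as JPEG: #{strict_accepts?(HTML_AS_JPEG)}"
puts "strict check accepts a real JPEG:           #{strict_accepts?(REAL_JPEG)}"
```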