Paperclip Gem for Ruby vulnerable to content type spoofing
Published: June 05, 2015
SECURITY IDENTIFIERS
- CVE: CVE-2015-2963 (NVD)
- GHSA: GHSA-6jvm-3j5h-79f6
- Vendor Advisory: https://robots.thoughtbot.com/paperclip-security-release
GEM
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
>= 4.2.2
DESCRIPTION
If an HTML file is uploaded with a .html extension but its content type
is declared as image/jpeg, the declared type bypasses a validation that
checks for images. The upload also passes the spoof check, because a file
named .html that actually contains HTML is, by itself, not spoofed: its
extension and its real content agree.
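The two-part failure described above can be reproduced with a few lines of plain Ruby. The example below is added here and is not Paperclip's own code: it reconstructs the pattern the advisory describes (an allowlist check on the declared content type, plus a spoof check that only asks whether the extension agrees with the file's real content) and sets it beside a stricter check that requires the declared type, the extension-derived type and the content-sniffed type to all agree. The `Upload` struct, the `sniff_content_type`/`extension_content_type` helpers and the sample uploads are constructed for illustration; real deployments should use a proper content detector rather than this minimal magic-byte sniffer.

```ruby
# Added example, not Paperclip code. Demonstrates why validating only the
# declared content type, combined with a spoof check that compares only
# extension and real content, lets an HTML file declared as image/jpeg
# through, and how a three-way agreement check closes the gap.

# Minimal magic-byte sniffer (assumption: good enough for the demo).
JPEG_MAGIC = "\xFF\xD8\xFF".b
PNG_MAGIC  = "\x89PNG\r\n\x1a\n".b
GIF_MAGIC  = "GIF8".b

EXTENSION_TYPES = {
  ".jpg" => "image/jpeg", ".jpeg" => "image/jpeg",
  ".png" => "image/png",  ".gif"  => "image/gif",
  ".html" => "text/html", ".htm"  => "text/html"
}.freeze

ALLOWED_IMAGE_TYPES = %w[image/jpeg image/png image/gif].freeze

# Constructed upload record: filename, client-declared type, raw bytes.
Upload = Struct.new(:filename, :declared_content_type, :bytes)

# Guess a type from the leading bytes of the content.
def sniff_content_type(bytes)
  head = bytes.b[0, 512]
  return "image/jpeg" if head.start_with?(JPEG_MAGIC)
  return "image/png"  if head.start_with?(PNG_MAGIC)
  return "image/gif"  if head.start_with?(GIF_MAGIC)
  return "text/html"  if head.lstrip =~ /\A<(!doctype\s+html|html|head|body|script|iframe)/i
  "application/octet-stream"
end

# Guess a type from the filename extension alone.
def extension_content_type(filename)
  EXTENSION_TYPES.fetch(File.extname(filename).downcase, "application/octet-stream")
end

# Reconstruction of the vulnerable pattern from the advisory:
#  1. the image validation trusts the declared content type;
#  2. the spoof check only asks "does the extension match the real content?"
# A .html file containing HTML satisfies (2), and a declared image/jpeg
# satisfies (1), so the upload is accepted.
def weak_accept?(upload)
  declared_ok = ALLOWED_IMAGE_TYPES.include?(upload.declared_content_type)
  spoof_ok = extension_content_type(upload.filename) == sniff_content_type(upload.bytes)
  declared_ok && spoof_ok
end

# Hardened check: the declared type must be allowed AND must agree with
# both the extension and the sniffed content. The declared value is never
# trusted on its own.
def strict_accept?(upload)
  declared = upload.declared_content_type
  return false unless ALLOWED_IMAGE_TYPES.include?(declared)
  declared == extension_content_type(upload.filename) &&
    declared == sniff_content_type(upload.bytes)
end

# Constructed sample uploads.
SPOOFED   = Upload.new("page.html", "image/jpeg", "<html><body>hello</body></html>")
REAL_JPEG = Upload.new("photo.jpg", "image/jpeg", ("\xFF\xD8\xFF\xE0" + "\x00" * 16).b)
RENAMED   = Upload.new("page.jpg",  "image/jpeg", "<html><body>hello</body></html>")

if __FILE__ == $PROGRAM_NAME
  [SPOOFED, REAL_JPEG, RENAMED].each do |u|
    puts "#{u.filename}: weak=#{weak_accept?(u)} strict=#{strict_accept?(u)}"
  end
end
```

Running the file shows the weak check accepting `page.html` (declared image/jpeg, extension and content both HTML) while the strict check rejects it; the renamed `page.jpg` is caught by both checks because its extension disagrees with its HTML content, and the real JPEG passes both. The strict check expresses the patched behaviour in spirit: every signal about the file's type has to agree before an upload is trusted.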
