OSVDB-103151 (paperclip): Paperclip: Access Restriction Bypass

Paperclip: Access Restriction Bypass

Published: January 31, 2014

SECURITY IDENTIFIERS

OSVDB: OSVDB-103151
Vendor Advisory: https://security.snyk.io/vuln/SNYK-RUBY-PAPERCLIP-20144

GEM

paperclip

PATCHED VERSIONS

>= 4.0.0

DESCRIPTION

Paperclip Gem for Ruby contains a flaw that is due to the application failing to properly validate the file extension, instead only validating the Content-Type header during file uploads. This may allow a remote attacker to bypass restrictions on file types for uploaded files by spoofing the content-type.

https://thoughtbot.com/blog/prevent-spoofing-with-paperclip
https://www.theregister.com/2014/02/09/content_type_spoofing_bug_in_ror_paperclip
https://security.snyk.io/vuln/SNYK-RUBY-PAPERCLIP-20144
http://osvdb.org/show/osvdb/103151

RubySec

OSVDB-103151 (paperclip): Paperclip: Access Restriction Bypass

Paperclip: Access Restriction Bypass

SECURITY IDENTIFIERS

GEM

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories