CVE-2015-2963

medium

Published 2015-06-05 · Modified 2024-11-30

CVSS v3

—

CVSS v2

4.3

VIR risk

4.3

Description

paperclip Cross-site Scripting vulnerability

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — https://robots.thoughtbot.com/paperclip-security-release

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — https://github.com/thoughtbot/paperclip/commit/9aee4112f36058cd28d5fe4a006d6981bd1eda57

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — http://openwall.com/lists/oss-security/2015/06/19/3

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — http://jvndb.jvn.jp/jvndb/JVNDB-2015-000088

vendor Authored 2026-05-27

Vendor advisory: vultures@jpcert.or.jp — http://jvn.jp/en/jp/JVN83881261/index.html

Ecosystem	Package	Vulnerable	Fixed
RubyGems	paperclip	`<>= 4.2.2`	`>= 4.2.2`
RubyGems	paperclip	`<4.2.2`	`4.2.2`

Vendor	Product	Versions	Fixed
thoughtbot	paperclip	`{"endIncluding":"4.2.1"}`

CWE-79

Verify integrity in audit chain (admin only). AS-IS.