Package impact

ruby RubyGems / activestorage

CVE Severity CVSS Risk Published Description Impact
CVE-2026-33195 high 8.0 2mo ago Rails Active Storage has possible Path Traversal in DiskService suse, debian, ruby
CVE-2026-33658 medium 6.5 6.5 2mo ago Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests debian, ruby
CVE-2026-33173 medium 5.5 2mo ago Rails Active Storage has possible content type bypass via metadata in direct uploads suse, debian, ruby
CVE-2026-33174 medium 5.5 2mo ago Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests suse, debian, ruby
CVE-2026-33202 medium 5.5 2mo ago Rails Active Storage has possible glob injection in its DiskService suse, debian, ruby
CVE-2025-24293 unknown 10mo ago Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The … suse, debian, ruby
CVE-2024-26144 unknown 2y ago Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along… suse, debian, ruby
CVE-2022-21831 unknown 4y ago A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. suse, debian, ruby
CVE-2020-8162 unknown 6y ago A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be m… debian, ruby
CVE-2018-16477 unknown 8y ago A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in w… debian, ruby