| CVE-2026-44587 |
medium |
— |
5.5 |
|
|
|
3d ago |
CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharacters |
| CVE-2024-29034 |
unknown |
— |
— |
|
|
|
2y ago |
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that whe… |
| CVE-2023-49090 |
unknown |
— |
— |
|
|
|
3y ago |
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in … |
| CVE-2021-21288 |
unknown |
— |
— |
|
|
|
5y ago |
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF … |
| CVE-2021-21305 |
unknown |
— |
— |
|
|
|
5y ago |
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulner… |