2017-11-13 18:29:00 2019-10-10 01:21:08

Paperclip Ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
Thoughtbot Paperclip 5.0.0 Beta1 (not an official CPE)
Thoughtbot Paperclip 5.0.0 (not an official CPE)
Thoughtbot Paperclip 4.3.7 (not an official CPE)
Thoughtbot Paperclip 4.3.6 (not an official CPE)
Thoughtbot Paperclip 4.3.5 (not an official CPE)
Thoughtbot Paperclip 4.3.4 (not an official CPE)
Thoughtbot Paperclip 4.3.3 (not an official CPE)
Thoughtbot Paperclip 4.3.2 (not an official CPE)
Thoughtbot Paperclip 4.3.1 (not an official CPE)
Thoughtbot Paperclip 4.3.0 (not an official CPE)
Thoughtbot Paperclip 4.2.4 (not an official CPE)
Thoughtbot Paperclip 4.2.3 (not an official CPE)
Thoughtbot Paperclip 4.2.2 (not an official CPE)
Thoughtbot Paperclip for Ruby 4.2.1
Thoughtbot Paperclip 4.2.0 (not an official CPE)
Thoughtbot Paperclip 4.1.1 (not an official CPE)
Thoughtbot Paperclip 4.1.0 (not an official CPE)
Thoughtbot Paperclip 4.0.0 (not an official CPE)
Thoughtbot Paperclip 3.5.4 (not an official CPE)
Thoughtbot Paperclip 3.5.3 (not an official CPE)
Thoughtbot Paperclip 3.5.2 (not an official CPE)
Thoughtbot Paperclip 3.5.1.1 (not an official CPE)
Thoughtbot Paperclip 3.5.1 (not an official CPE)
Thoughtbot Paperclip 3.5.0 (not an official CPE)
Thoughtbot Paperclip 3.4.2 (not an official CPE)
Thoughtbot Paperclip 3.4.1 (not an official CPE)
Thoughtbot Paperclip 3.4.0 (not an official CPE)
Thoughtbot Paperclip 3.3.1 (not an official CPE)
Thoughtbot Paperclip 3.3.0 (not an official CPE)
Thoughtbot Paperclip 3.2.1 (not an official CPE)
Thoughtbot Paperclip 3.2.0 (not an official CPE)
Thoughtbot Paperclip 3.1.4 (not an official CPE)
Thoughtbot Paperclip 5.0.0 Beta2 (not an official CPE)
Thoughtbot Paperclip 5.1.0 (not an official CPE)