CVE-2022-21831

Published: 26/05/2022 Updated: 14/03/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow a malicious user to execute code via image_processing arguments.

Vulnerable Product

rubyonrails active storage

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #1011940 rails: CVE-2022-21831 code injection vulnerability exists in Active Storage. Package: src:rails; Maintainer for src:rails is Debian Ruby Team <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Neil Williams <codehelp@debian.org>; Date: Fri, 27 May 2022 11:54:01 UTC Sev ...
Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect. For the stable distribution (bullseye), these problems have been fixed in version 2:6.0.3.7+dfsg-2+deb11u1. We recommend that you upgrade your rails packages. For the detailed sec ...