Headline
CVE-2022-21831 - GitHub Advisory Database
A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
Package
bundler activestorage (RubyGems)
Affected versions
>= 5.2.0, <= 5.2.6.2
>= 6.0.0, <= 6.0.4.6
>= 6.1.0, <= 6.1.4.6
>= 7.0.0, <= 7.0.2.2
Patched versions
5.2.6.3
6.0.4.7
6.1.4.7
7.0.2.3
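A check a defender could run against a project's Gemfile.lock, using the affected and patched versions listed above. This is an added example, not code from the advisory or from Rails; the function names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement

# Affected ranges and their fixed releases, copied from the advisory above.
AFFECTED = [
  [Gem::Requirement.new(">= 5.2.0", "<= 5.2.6.2"), "5.2.6.3"],
  [Gem::Requirement.new(">= 6.0.0", "<= 6.0.4.6"), "6.0.4.7"],
  [Gem::Requirement.new(">= 6.1.0", "<= 6.1.4.6"), "6.1.4.7"],
  [Gem::Requirement.new(">= 7.0.0", "<= 7.0.2.2"), "7.0.2.3"],
].freeze

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activestorage (6.1.4.6)
        activesupport (= 6.1.4.6)
      rails (6.1.4.6)
        activestorage (= 6.1.4.6)
LOCK

# Returns the resolved activestorage version from Gemfile.lock text, or nil.
# Resolved gems are indented by exactly four spaces; deeper lines such as
# "activestorage (= 6.1.4.6)" are dependency constraints and are skipped.
def locked_activestorage_version(lockfile_text)
  m = lockfile_text.match(/^ {4}activestorage \(([^)\s]+)\)\s*$/)
  m && Gem::Version.new(m[1])
end

# Returns the patched release for an affected version, or nil if unaffected.
def fixed_release_for(version)
  hit = AFFECTED.find { |requirement, _fix| requirement.satisfied_by?(version) }
  hit && hit[1]
end

# Summarises the lockfile's exposure to CVE-2022-21831 as a hash.
def check_lockfile(lockfile_text)
  version = locked_activestorage_version(lockfile_text)
  return { status: :not_present } unless version

  fix = fixed_release_for(version)
  return { status: :not_affected, version: version.to_s } unless fix

  { status: :affected, version: version.to_s, upgrade_to: fix }
end

puts check_lockfile(SAMPLE_LOCK).inspect if __FILE__ == $PROGRAM_NAME
```

To check a real project, pass `File.read("Gemfile.lock")` to `check_lockfile`.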
Related news
Debian Security Advisory 5372-1
Debian Linux Security Advisory 5372-1 - Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and open redirect.