mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
1.1 KiB
1.1 KiB
CVE-2023-49090
&color=brighgreen)
Description
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlisted_content_type? determines Content-Type permissions by performing a partial match. If the content_type argument of allowlisted_content_type? is passed a value crafted by the attacker, Content-Types not included in the content_type_allowlist will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.
POC
Reference
No PoCs from references.