mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 01:31:01 +00:00
767 B
767 B
CVE-2015-2963
Description
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed value, as demonstrated by image/jpeg.
POC
Reference
No PoCs from references.