Vulnerability Description
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Carrierwave Project | Carrierwave | < 2.2.5 |
Related Weaknesses (CWE)
References
- https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d33Patch
- https://github.com/carrierwaveuploader/carrierwave/commit/863d425c76eba12c329422Patch
- https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhxVendor Advisory
- https://github.com/carrierwaveuploader/carrierwave/commit/39b282db5c1303899b3d33Patch
- https://github.com/carrierwaveuploader/carrierwave/commit/863d425c76eba12c329422Patch
- https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-gxhxVendor Advisory
FAQ
What is CVE-2023-49090?
CVE-2023-49090 is a vulnerability with a CVSS score of 6.8 (MEDIUM). CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `...
How severe is CVE-2023-49090?
CVE-2023-49090 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49090?
Check the references section above for vendor advisories and patch information. Affected products include: Carrierwave Project Carrierwave.