1 results (0.001 seconds)

CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Se presenta una vulnerabilidad de inyección de código en Active Storage versiones posteriores a v5.2.0 incluyéndola, que podría permitir a un atacante ejecutar código por medio de argumentos image_processing • https://github.com/advisories/GHSA-w749-p3v6-hccq https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html https://security.netapp.com/advisory/ntap-20221118-0001 https://www.debian.org/security/2023/dsa-5372 • CWE-94: Improper Control of Generation of Code ('Code Injection') •