1 results (0.001 seconds)

CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0

26 May 2022 — A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Se presenta una vulnerabilidad de inyección de código en Active Storage versiones posteriores a v5.2.0 incluyéndola, que podría permitir a un atacante ejecutar código por medio de argumentos image_processing Multiple vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could result in XSS, data disclosure and o... • https://github.com/advisories/GHSA-w749-p3v6-hccq • CWE-94: Improper Control of Generation of Code ('Code Injection') •