CVE-2022-21831

CRITICAL

Rubyonrails Active Storage < 5.2.6.3 - Code Injection

Title source: rule

Description

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Exploits (1)

nomisec STUB
by usutani · poc
https://github.com/usutani/study-turbolinks-link

References (4)

Scores

CVSS v3 9.8
EPSS 0.0142
EPSS Percentile 80.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (3)
debian/debian_linux 10.0
rubygems/activestorage 5.2.0 - 5.2.6.3RubyGems
rubyonrails/active_storage 5.2.0 - 5.2.6.3
Published May 26, 2022
Tracked Since Feb 18, 2026