CVE-2022-21831
CRITICAL
Active Storage 5.2.0-5.2.6.2 - Code Injection via Image Processing Arguments
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2022-21831. PoCs published by usutani.
AI-analyzed exploit summary: This repository appears to be a stub or study project for Turbolinks, lacking exploit code or PoC for CVE-2024-26144. It contains a basic Rails application structure with Turbolinks integration but no offensive techniques.
Description
A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
Exploits (1)
nomisec
STUB
by usutani · poc
https://github.com/usutani/study-turbolinks-link
Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target:
Turbolinks (version unspecified)
No auth needed
Prerequisites:
None identified
devstral-2 · analyzed Feb 16, 2026
References (4)
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/09/msg00002.html
Third Party Advisory vendor-advisory
https://www.debian.org/security/2023/dsa-5372
Patch, Third Party Advisory
https://github.com/advisories/GHSA-w749-p3v6-hccq
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221118-0001/
Scores
CVSS v3
9.8
EPSS
0.0142
EPSS Percentile
81.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (3)
debian/debian_linux
10.0
rubygems/activestorage
5.2.0 - 5.2.6.3 (RubyGems)
rubyonrails/active_storage
5.2.0 - 5.2.6.3
Published
May 26, 2022
Tracked Since
Feb 18, 2026