CVE-2021-21288
published 2021-02-08CVE-2021-21288: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and…
PriorityP422medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
1.17%
63.6th percentile
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| carrierwave_project | carrierwave | < 1.3.2 | 1.3.2 |
| carrierwave_project | carrierwave | >= 0 < 1.3.2 | 1.3.2 |
| carrierwave_project | carrierwave | >= 2.0.0 < 2.1.1 | 2.1.1 |
| carrierwave_project | carrierwave | >= 2.0.1 < 2.1.1 | 2.1.1 |
| carrierwaveuploader | carrierwave | < 1.3.2 | 1.3.2 |
| carrierwaveuploader | carrierwave | — | — |
| debian | ruby-carrierwave | < ruby-carrierwave 1.3.2-1 (bookworm) | ruby-carrierwave 1.3.2-1 (bookworm) |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2021-21288: ruby-carrierwave - CarrierWave is an open-source RubyGem which provides a simple and flexible way t...
vendor_debian·2021·CVSS 4.3
CVE-2021-21288 [MEDIUM] CVE-2021-21288: ruby-carrierwave - CarrierWave is an open-source RubyGem which provides a simple and flexible way t...
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
Scope: local
bookworm: resolved (fixed in 1.3.2-1)
GHSA
Server-side request forgery in CarrierWave
ghsa·2021-02-08
CVE-2021-21288 [MEDIUM] CWE-918 Server-side request forgery in CarrierWave
Server-side request forgery in CarrierWave
### Impact
[CarrierWave download feature](https://github.com/carrierwaveuploader/carrierwave#uploading-files-from-a-remote-location) has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform.
### Patches
Upgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or [1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2).
### Workarounds
Using proper network segmentation and applying the principle of least privilege to outbound connections from application servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server without access to any in
OSV
CVE-2021-21288: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications
osv·2021-02-08·CVSS 4.3
CVE-2021-21288 [MEDIUM] CVE-2021-21288: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.
OSV
Server-side request forgery in CarrierWave
osv·2021-02-08
CVE-2021-21288 [MEDIUM] Server-side request forgery in CarrierWave
Server-side request forgery in CarrierWave
### Impact
[CarrierWave download feature](https://github.com/carrierwaveuploader/carrierwave#uploading-files-from-a-remote-location) has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform.
### Patches
Upgrade to [2.1.1](https://rubygems.org/gems/carrierwave/versions/2.1.1) or [1.3.2](https://rubygems.org/gems/carrierwave/versions/1.3.2).
### Workarounds
Using proper network segmentation and applying the principle of least privilege to outbound connections from application servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server without access to any in
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5https://rubygems.org/gems/carrierwave/https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08https://github.com/carrierwaveuploader/carrierwave/commit/012702eb3ba1663452aa025831caa304d1a665c0https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-fwcm-636p-68r5https://rubygems.org/gems/carrierwave/
2021-02-08
Published