CVE-2023-49090 MEDIUM

CVE-2023-49090: CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS

Vendor Carrierwaveuploader
Product carrierwave
Weakness CWE-79 · XSS
Published November 29, 2023
Last update October 11, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Scope Changed
Confidentiality High
Integrity None
Availability None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

What the vulnerability does

01 Description

CarrierWave is a file-upload library for Rails, Sinatra and other Ruby web frameworks. It has a Content-Type allowlist bypass vulnerability that can lead to XSS. The validation in `allowlisted_content_type?` decides whether a Content-Type is permitted by performing a partial match against the entries of `content_type_allowlist` rather than requiring the whole value to match. If the `content_type` argument of `allowlisted_content_type?` is an attacker-crafted value that merely contains an allowed type, Content-Types that are not in `content_type_allowlist` are accepted. This issue has been patched in versions 2.2.5 and 3.0.5; earlier releases of both the 2.x and 3.x lines are affected.
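The following is an added illustration of the weakness class described above, not CarrierWave's own code or its patch. It reimplements an allowlist check two ways: a partial (unanchored substring) match of the kind the advisory describes, and a hardened check that compares the media type essence (the part before any `;` parameters) exactly, or by prefix for entries that end in `/`. The allowlist contents, the crafted Content-Type string and the function names are constructed for this example.

```ruby
# Added example: illustrative reimplementation of a Content-Type allowlist
# check, NOT CarrierWave's code. The allowlist and inputs are constructed.

# Constructed allowlist, in the style CarrierWave users commonly write.
ALLOWLIST = %w[image/png image/jpeg].freeze

# Vulnerable pattern: a partial match. The entry is interpolated into an
# unanchored regexp, so any Content-Type that CONTAINS an allowed type
# anywhere in the string passes.
def partial_match_allowed?(content_type, allowlist = ALLOWLIST)
  allowlist.any? do |item|
    item = Regexp.quote(item) unless item.is_a?(Regexp)
    !!(content_type.to_s =~ /#{item}/) # no \A or \z anchors
  end
end

# Hardened pattern: normalise first, then compare exactly.
#  * Only the media type essence (before the first ';') is compared, so
#    parameters such as "; charset=binary" cannot smuggle another type.
#  * String entries must match the whole essence; entries ending in "/"
#    (e.g. "image/") act as a prefix.
#  * Regexp entries are anchored to the whole essence.
def hardened_allowed?(content_type, allowlist = ALLOWLIST)
  essence = content_type.to_s.split(";", 2).first.to_s.strip.downcase
  return false if essence.empty?

  allowlist.any? do |item|
    case item
    when Regexp
      essence.match?(/\A(?:#{item})\z/)
    else
      item = item.downcase
      item.end_with?("/") ? essence.start_with?(item) : essence == item
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed attacker value: its essence is text/html, but the string
  # still contains the allowed "image/png".
  crafted = "text/html; image/png"
  puts "partial match accepts crafted value:  #{partial_match_allowed?(crafted)}"
  puts "hardened check accepts crafted value: #{hardened_allowed?(crafted)}"
  puts "hardened check accepts image/png:     #{hardened_allowed?('image/png')}"
end
```

A practitioner auditing an allowlist should also check what the entries themselves permit: a prefix entry such as `image/` deliberately admits every image subtype, including `image/svg+xml`, which a browser will render as a document, so the hardened check above returns true for that input when the allowlist contains `image/`. Exact entries avoid that; the code does not decide it for you.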

Key dates

02 Disclosure timeline

November 29, 2023 CVE published
October 11, 2024 Record updated