CVE-2022-21831

Summary

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/rails7.0.2.3, 6.1.4.7, 6.0.4.7, 5.2.6.3affected

Weaknesses

  • CWE-94: Code Injection (CWE-94)

ADP Enrichment

CVE Program Container

Additional References

References