CVE-2021-21305

Published: Feb 8, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.

Affected (2)

Products: Carrierwave Project: Carrierwave

Carrierwave Project

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Carrierwave Project Carrierwave	Before 1.3.2
Carrierwave Project Carrierwave	From 2.0.1 to 2.1.1

Related CWEs

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08

Source: security-advisories@github.com

Release NotesThird Party Advisory

https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4

Source: security-advisories@github.com

ExploitThird Party Advisory

https://rubygems.org/gems/carrierwave

Source: security-advisories@github.com

ProductThird Party Advisory

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#211---2021-02-08

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://github.com/carrierwaveuploader/carrierwave/commit/387116f5c72efa42bc3938d946b4c8d2f22181b7

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-cf3w-g86h-35x4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://rubygems.org/gems/carrierwave

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.