Vulnerabilities > CVE-2017-0889 - Server-Side Request Forgery (SSRF) vulnerability in Thoughtbot Paperclip

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

thoughtbot

CWE-918

NVD

Published: 2017-11-13

Updated: 2019-10-09

Summary

Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.

Vulnerable Configurations

Part	Description	Count
Application	Thoughtbot Thoughtbot Paperclip 3.1.4 Thoughtbot Paperclip 3.2.0 Thoughtbot Paperclip 3.2.1 Thoughtbot Paperclip 3.3.0 Thoughtbot Paperclip 3.3.1 Thoughtbot Paperclip 3.4.0 Thoughtbot Paperclip 3.4.1 Thoughtbot Paperclip 3.4.2 Thoughtbot Paperclip 3.5.0 Thoughtbot Paperclip 3.5.1 Thoughtbot Paperclip 3.5.1.1 Thoughtbot Paperclip 3.5.2 Thoughtbot Paperclip 3.5.3 Thoughtbot Paperclip 3.5.4 Thoughtbot Paperclip 4.0.0 Thoughtbot Paperclip 4.1.0 Thoughtbot Paperclip 4.1.1 Thoughtbot Paperclip 4.2.0 Thoughtbot Paperclip 4.2.1 Thoughtbot Paperclip 4.2.2 Thoughtbot Paperclip 4.2.3 Thoughtbot Paperclip 4.2.4 Thoughtbot Paperclip 4.3.0 Thoughtbot Paperclip 4.3.1 Thoughtbot Paperclip 4.3.2 Thoughtbot Paperclip 4.3.3 Thoughtbot Paperclip 4.3.4 Thoughtbot Paperclip 4.3.5 Thoughtbot Paperclip 4.3.6 Thoughtbot Paperclip 4.3.7 Thoughtbot Paperclip 5.0.0 Thoughtbot Paperclip 5.1.0	34

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References