FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Carrierwave -- Multiple vulnerabilities

Affected packages
rubygem-carrierwave < 1.3.2

Details

VuXML ID 76a07f31-a860-11eb-8ddb-001b217b3468
Discovery 2021-02-08
Entry 2021-04-28

Community reports:

Fix Code Injection vulnerability in CarrierWave::RMagick

Fix SSRF vulnerability in the remote file download feature

References

CVE Name CVE-2021-21288
CVE Name CVE-2021-21305
URL https://github.com/carrierwaveuploader/carrierwave/blob/master/CHANGELOG.md#132---2021-02-08