CVE-2023-49090

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49090
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49090.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49090
Aliases
Downstream
Published
2023-11-29T14:38:52.195Z
Modified
2025-11-20T12:21:35.094477Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVSS Calculator
Summary
CarrierWave has a content-type allowlist bypass vulnerability, possibly leading to XSS
Details

CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlisted_content_type? determines Content-Type permissions by performing a partial match. If the content_type argument of allowlisted_content_type? is passed a value crafted by the attacker, Content-Types not included in the content_type_allowlist will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/carrierwaveuploader/carrierwave

Affected ranges

Type
GIT
Repo
https://github.com/carrierwaveuploader/carrierwave
Events
Introduced
13330a70323cde83b319520f5c1874227de79cdf
Fixed
0fcff94cebce07b856531d6502b11466e8331409
Database specific 
{
    "versions": [
        {
            "introduced": "2.2.0"
        },
        {
            "fixed": "2.2.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/carrierwaveuploader/carrierwave
Events
Introduced
269c37a6c8609c26915f31ccfada512ef12fb3cb
Fixed
5316b352b6ed38595e99622eeb954a2cd0b1d5c2
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.5"
        }
    ]
}

Affected versions

v2.*

v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4