Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 847973 (CVE-2022-21831)

Summary: <dev-ruby/activestorage-{5.2.7.1,6.0.4.7,6.1.5.1,7.0.2.3}: code injection via image_processing arguments
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: ruby
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/advisories/GHSA-w749-p3v6-hccq
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 848051    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 21:50:50 UTC 
CVE-2022-21831:

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Please cleanup remaining affected versions.
Comment 1 Hans de Graaff gentoo-dev Security 2022-07-25 08:36:21 UTC 
Cleanup done.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-25 19:18:54 UTC 
Thanks! All done