847973 – (CVE-2022-21831) <dev-ruby/activestorage-{5.2.7.1,6.0.4.7,6.1.5.1,7.0.2.3}: code injection via image_processing arguments

Bug 847973 (CVE-2022-21831) - <dev-ruby/activestorage-{5.2.7.1,6.0.4.7,6.1.5.1,7.0.2.3}: code injection via image_processing arguments

Summary: <dev-ruby/activestorage-{5.2.7.1,6.0.4.7,6.1.5.1,7.0.2.3}: code injection via...

Status:	RESOLVED FIXED

Alias:	CVE-2022-21831

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://github.com/advisories/GHSA-w7...
Whiteboard:	~2 [noglsa]
Keywords:

Depends on:	848051
Blocks:
	Show dependency tree

Reported:	2022-05-28 21:50 UTC by John Helmert III
Modified:	2022-07-25 19:18 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-05-28 21:50:50 UTC

CVE-2022-21831:

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

Please cleanup remaining affected versions.

Comment 1 Hans de Graaff gentoo-dev

2022-07-25 08:36:21 UTC

Cleanup done.

Comment 2 John Helmert III archtester

2022-07-25 19:18:54 UTC

Thanks! All done