pkg:RubyGems/activestorage

All known vulnerabilities

• CRITICAL9.8CVE-2026-33195Rails Active Storage has possible Path Traversal in DiskService
  >= 8.1.0.beta1, < 8.1.2.1
• CRITICAL9.8CVE-2022-21831rails - security update
  >= 5.2.0, < 5.2.6.3
• CRITICAL9.1CVE-2026-33202Rails Active Storage has possible glob injection in its DiskService
  >= 8.1.0.beta1, < 8.1.2.1
• HIGH7.5Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
  >= 8.1.0.beta1, < 8.1.2.1
• HIGH7.5Circumvention of file size limits in ActiveStorage
  >= 5.0.0, < 5.2.4.3
• MEDIUM6.5Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
  >= 8.1.0, < 8.1.2.1
• MEDIUM6.5Exposure of Sensitive Information to an Unauthorized Actor in activestorage
  >= 5.2.0, < 5.2.1.1
• MEDIUM5.3Rails Active Storage has possible content type bypass via metadata in direct uploads
  >= 8.1.0.beta1, < 8.1.2.1
• MEDIUM5.3Possible Sensitive Session Information Leak in Active Storage
  >= 5.2.0, < 6.1.7.7
• —rails - security update
  >= 8.0, < 8.0.2.1