CVE-2015-2963

Name of the Vulnerable Software and Affected Versions paperclip gem versions prior to 4.2.2

Description The issue allows remote attackers to upload HTML documents and conduct cross-site scripting (XSS) attacks via a spoofed content-type value. This can be achieved by providing a false content-type value, such as image/jpeg, to bypass media-type validation and upload malicious files.

Recommendations For versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue. As a temporary workaround, consider implementing additional validation for the content-type value to prevent spoofing attacks. Restrict access to upload functionality to minimize the risk of exploitation.