CVE-2017-0889

Name of the Vulnerable Software and Affected Versions Paperclip ruby gem versions 3.1.4 and later

Description The issue affects the Paperclip::UriAdapter class, allowing attackers to potentially access information about internal network resources through a Server-Side Request Forgery (SSRF) vulnerability. This could enable attackers to gather sensitive information.

Recommendations For versions 3.1.4 and later, consider restricting access to the Paperclip::UriAdapter class until a patch is available. As a temporary workaround, review and limit the use of internal network resources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.