Ruby · Paperclip · CVE-2015-2963
**Name of the Vulnerable Software and Affected Versions**
paperclip gem versions prior to 4.2.2
**Description**
Paperclip's media-type validation could be bypassed with a spoofed `content-type` value: a remote attacker could declare an HTML document as, for example, `image/jpeg`, have it accepted as an image, and then use the uploaded document to conduct cross-site scripting (XSS) attacks.
**Recommendations**
For versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue. As a temporary workaround, add validation that checks the uploaded file's actual content rather than trusting the client-supplied `content-type` value. Restrict access to the upload functionality to minimize the risk of exploitation.
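The workaround above in code, as an added example that is not Paperclip's own validator: the declared `content-type` is accepted only if it is on an allow list and the file's leading bytes carry that type's signature. The signature table and the sample inputs are constructed for this example.

```ruby
# Added example (not Paperclip code): reject an upload whose client-supplied
# content-type disagrees with the file's magic numbers, which is the extra
# validation the advisory recommends as a workaround before upgrading.

# Magic-number table for the image types an upload endpoint typically allows.
MAGIC = {
  "image/jpeg" => ["\xFF\xD8\xFF".b],
  "image/png"  => ["\x89PNG\r\n\x1A\n".b],
  "image/gif"  => ["GIF87a".b, "GIF89a".b],
}.freeze

# Returns the media type implied by the file's first bytes, or nil if none matches.
def sniff_content_type(bytes)
  head = bytes.b
  MAGIC.each do |type, signatures|
    return type if signatures.any? { |sig| head.start_with?(sig) }
  end
  nil
end

# True when the declared content-type cannot be trusted: either it is not on
# the allow list, or the bytes do not start with that type's signature.
def spoofed_content_type?(declared, bytes)
  return true unless MAGIC.key?(declared)
  sniff_content_type(bytes) != declared
end

# Constructed sample inputs: a genuine JPEG header and an HTML document.
REAL_JPEG = "\xFF\xD8\xFF\xE0\x00\x10JFIF".b
HTML_DOC  = "<!DOCTYPE html><html><body>hello</body></html>".b

if __FILE__ == $PROGRAM_NAME
  puts spoofed_content_type?("image/jpeg", REAL_JPEG)  # false: declared type matches bytes
  puts spoofed_content_type?("image/jpeg", HTML_DOC)   # true: HTML declared as image/jpeg
end
```

A magic-byte check does not catch polyglot files that begin with a valid image header, so uploads should still be served with a fixed `Content-Type` rather than one derived from the upload.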