Mshibuya

**Name of the Vulnerable Software and Affected Versions** RailsAdmin versions prior to 3.1.3 RailsAdmin version 2.2.1 and earlier **Description** The issue is caused by an improperly-escaped HTML title attribute in the list view of RailsAdmin, leading to a Cross-site Scripting (XSS) vulnerability. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 3.1.3, upgrade to 3.1.4. For version 2.2.1 and earlier, stay on 2.2.1 or apply the workaround by copying the index view from the RailsAdmin version being used, modifying it to properly escape the HTML title attribute using `strip tags(value.to s)`, and placing it in the application. This workaround should be removed after upgrading RailsAdmin.

**Name of the Vulnerable Software and Affected Versions** CarrierWave versions prior to 2.2.5 CarrierWave versions prior to 3.0.5 **Description** The issue is related to a Content-Type allowlist bypass vulnerability in CarrierWave, which could lead to XSS attacks. The `allowlisted content type?` function performs a partial match to determine Content-Type permissions, allowing an attacker to bypass the allowlist by crafting a specific `content type` argument. This could enable the attacker to upload files with Content-Types not included in the `content type allowlist`, potentially causing XSS when the uploaded file is opened. **Recommendations** For versions prior to 2.2.5, upgrade to version 2.2.5. For versions prior to 3.0.5, upgrade to version 3.0.5. As a temporary workaround, consider modifying the `allowlisted content type?` function to perform a forward match (`A`) of the Content-Type set in `content type allowlist`, preventing unintentional permission of unwanted Content-Types.

Name of the Vulnerable Software and Affected Versions: CarrierWave versions prior to 1.3.2 CarrierWave versions prior to 2.1.1 Description: The download feature in CarrierWave has a Server-Side Request Forgery (SSRF) vulnerability, allowing attacks to provide DNS entries or IP addresses intended for internal use and gather information about the Intranet infrastructure of the platform. Recommendations: For versions prior to 1.3.2, upgrade to version 1.3.2. For versions prior to 2.1.1, upgrade to version 2.1.1. As a temporary workaround, consider using proper network segmentation and applying the principle of least privilege to outbound connections from application servers to reduce the severity of SSRF vulnerabilities. Ideally, the vulnerable gem should run on an isolated server without access to any internal network resources or cloud metadata access.

Name of the Vulnerable Software and Affected Versions: RailsAdmin versions prior to 1.4.3 RailsAdmin versions 2.x prior to 2.0.2 Description: The issue allows for XSS via nested forms, which can lead to malicious script execution. Recommendations: For versions prior to 1.4.3, update to version 1.4.3 or later. For versions 2.x prior to 2.0.2, update to version 2.0.2 or later.