PT-2023-31049 · Unknown+3 · Carrierwave+3

A-Zara-N +1 · Published 2023-11-29 · Updated 2025-11-07 · CVE-2023-49090
CVSS v3.1: 6.8 Medium
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CarrierWave versions prior to 2.2.5
CarrierWave versions prior to 3.0.5
Description
The issue is a Content-Type allowlist bypass vulnerability in CarrierWave that could lead to XSS. The allowlisted_content_type? function performs a partial match to determine whether a Content-Type is permitted, so an attacker can bypass the allowlist by crafting a specific Content-Type value. This allows files with Content-Types not included in content_type_allowlist to be uploaded, potentially causing XSS when the uploaded file is opened.
Recommendations
For versions prior to 2.2.5, upgrade to version 2.2.5. For versions prior to 3.0.5, upgrade to version 3.0.5. As a temporary workaround, modify the allowlisted_content_type? function to perform a forward match (\A) against the Content-Types set in content_type_allowlist, so that unwanted Content-Types are not unintentionally permitted.
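The following is an added Ruby example, not CarrierWave's own code, showing the difference the forward-match (\A) workaround makes: loose_allowlisted? reproduces the partial-match shape the advisory describes, and strict_allowlisted? applies the anchored match. The allowlist, the function names and the sample Content-Type values are constructed for this example.

```ruby
# Added example, not CarrierWave's own code: a minimal Content-Type allowlist
# check written two ways. loose_allowlisted? has the partial-match shape the
# advisory describes; strict_allowlisted? applies the forward-match (\A) fix.
# The allowlist and the sample Content-Type values are constructed.

# Allowlist entries may be plain strings or regular expressions, as in a
# typical uploader configuration (constructed).
CONTENT_TYPE_ALLOWLIST = ['image/png', 'image/jpeg', %r{image/gif}].freeze

# Partial-match shape: the entry is interpolated into an unanchored regexp, so
# an allowlisted type only has to appear somewhere inside the submitted value.
def loose_allowlisted?(content_type, allowlist = CONTENT_TYPE_ALLOWLIST)
  allowlist.any? { |item| content_type =~ /#{item}/ }
end

# Forward-match shape: string entries are escaped so their characters are
# literal, and the pattern is anchored with \A so the allowlisted type must be
# at the start of the submitted value.
def strict_allowlisted?(content_type, allowlist = CONTENT_TYPE_ALLOWLIST)
  allowlist.any? do |item|
    pattern = item.is_a?(Regexp) ? item.source : Regexp.escape(item)
    content_type =~ /\A#{pattern}/
  end
end

# Returns [loose_result, strict_result] for one Content-Type value, as booleans.
def compare(content_type)
  [!!loose_allowlisted?(content_type), !!strict_allowlisted?(content_type)]
end

if __FILE__ == $PROGRAM_NAME
  samples = [
    'image/png',            # exact allowlisted type: both checks accept
    'text/html',            # not allowlisted at all: both checks reject
    'text/html; image/png'  # constructed: allowlisted type present, but not leading
  ]
  samples.each do |ct|
    loose, strict = compare(ct)
    puts format('%-24s loose=%-5s strict=%s', ct, loose, strict)
  end
end
```

The anchored check still accepts a value that begins with an allowlisted type and carries trailing parameters (for example a charset), which is what the forward-match recommendation intends; if an application needs an exact match instead, it can additionally anchor the end of the pattern with \z.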

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2023-49090
GHSA-GXHX-G4FQ-49HJ
USN-7497-1

Affected Products

Carrierwave
Debian
Linuxmint
Ubuntu