Vulnerability Details CVE-2015-2784
The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md
- https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579
- https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md
- https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579
Products affected by CVE-2015-2784
-
cpe:2.3:a:papercrop_project:papercrop:0.0.7
-
cpe:2.3:a:papercrop_project:papercrop:0.1.0
-
cpe:2.3:a:papercrop_project:papercrop:0.1.1
-
cpe:2.3:a:papercrop_project:papercrop:0.2.0