pkg:RubyGems/activestorage

All known vulnerabilities

• CRITICAL9.8CVE-2026-33195Rails Active Storage has possible Path Traversal in DiskService
  >= 8.1.0.beta1, < 8.1.2.1
• CRITICAL9.8CVE-2022-21831Possible code injection vulnerability in Rails / Active Storage
  >= 5.2.0, < 5.2.6.3
• CRITICAL9.1CVE-2026-33202Rails Active Storage has possible glob injection in its DiskService
  >= 8.1.0.beta1, < 8.1.2.1
• HIGH7.5CVE-2026-33174Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
  >= 8.1.0.beta1, < 8.1.2.1
• HIGH7.5CVE-2020-8162Circumvention of file size limits in ActiveStorage
  >= 5.0.0, < 5.2.4.3
• MEDIUM6.5CVE-2026-33658Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
  >= 8.1.0, < 8.1.2.1
• MEDIUM6.5CVE-2018-16477Exposure of Sensitive Information to an Unauthorized Actor in activestorage
  >= 5.2.0, < 5.2.1.1
• MEDIUM5.3CVE-2026-33173Rails Active Storage has possible content type bypass via metadata in direct uploads
  >= 8.1.0.beta1, < 8.1.2.1
• MEDIUM5.3CVE-2024-26144Possible Sensitive Session Information Leak in Active Storage
  >= 5.2.0, < 6.1.7.7
• —CVE-2025-24293Active Storage allowed transformation methods that were potentially unsafe
  >= 8.0, < 8.0.2.1