Skip to content

SSRF vulnerability in CarrierWave remote file upload

Moderate
mshibuya published GHSA-fwcm-636p-68r5 Feb 8, 2021

Package

bundler carrierwave (RubyGems)

Affected versions

< 2.1.1 and < 1.3.2

Patched versions

2.1.1, 1.3.2

Description

Impact

CarrierWave download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform.

Patches

Upgrade to 2.1.1 or 1.3.2.

Workarounds

Using proper network segmentation and applying the principle of least privilege to outbound connections from application servers can reduce the severity of SSRF vulnerabilities. Ideally the vulnerable gem should run on an isolated server without access to any internal network resources or cloud metadata access.

References

Server-Side Request Forgery Prevention Cheat Sheet

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2021-21288

Weaknesses

No CWEs

Credits