CNNVD-202601-5071 Information

CNNVD ID

CNNVD-202601-5071

CVE-2025-24293

  • CNNVD Published: 2026-01-30

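Description (translated from Chinese)

Active Storage is a plugin for uploading files to multiple cloud storage services and attaching those files to Active Record objects. Active Storage contains a security vulnerability that stems from allowing the use of potentially unsafe image transformation methods, which may lead to command injection.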

Description (English)

Active Storage is a plugin for uploading files to multiple cloud storage services and attaching them to Active Record objects. Active Storage has a security vulnerability: it allows potentially unsafe image transformation methods to be used, which may lead to command injection.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-01-30

Last Modified

2026-02-24

References

https://github.com/advisories/GHSA-r4mg-4433-c7g3

https://vigilance.fr/vulnerability/Rails-Active-Storage-code-execution-via-Transformation-Methods-49185

Patch

https://guides.rubyonrails.org/active_storage_overview.html
