Carrierwave Project Carrierwave — known CVE vulnerabilities
Every CVE whose affected-product data names Carrierwave Project Carrierwave, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2021-21305 — CVSS 7.4 (high): CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave…
CVE-2023-49090 — CVSS 6.8 (medium): CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist…
CVE-2024-29034 — CVSS 6.8 (medium): CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully…
CVE-2026-44587 — CVSS 4.7 (medium): CarrierWave is a framework to upload files from Ruby applications. In versions prior to 2.2.7 and 3.1.3, the content_type_denylist check…
CVE-2021-21288 — CVSS 4.3 (medium): CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave…