Hacking file uploaders with race condition
TL;DR I use a race condition to upload two avatars at the same time to exploit another Paperclip bug and get remote code execution on Apach...
Prevent Spoofing with Paperclip
robots.thoughtbot.comPaperclip 4.0 and 4.1 contain security fixes to prevent spoofing. A content type or filename validation is also now required.