GeistHaus

Paperclip vulnerability leading to XSS or RCE.

homakov.blogspot.com

Paperclip is the most popular upload tool for Ruby on Rails, and I found a way to upload a file with an arbitrary extension, which can lead to...

2 pages link to this URL

Prevent Spoofing with Paperclip

Paperclip 4.0 and 4.1 contain security fixes to prevent spoofing. A content type or filename validation is also now required.

1 inbound link · article · en · Web, Ruby, Paperclip, Open Source

Deprecating Paperclip

We are deprecating Paperclip in favor of ActiveStorage. Learn what this means for you.

5 inbound links · article · en · News, Paperclip, Ruby