| CVE-2026-33195 |
high |
— |
8.0 |
|
|
|
3mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the … |
| CVE-2026-33658 |
medium |
6.5 |
6.5 |
|
|
|
2mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte … |
| CVE-2026-33173 |
medium |
— |
5.5 |
|
|
|
3mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the clien… |
| CVE-2026-33174 |
medium |
— |
5.5 |
|
|
|
3mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, th… |
| CVE-2026-33202 |
medium |
— |
5.5 |
|
|
|
3mo ago |
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#delete_prefixed` passes blob keys dir… |
