File Upload Vulnerability in CarrierWave Framework by Ruby
CVE-2026-44587
4.7MEDIUM
What is CVE-2026-44587?
In the CarrierWave framework, a serious issue arises due to the failure of the content_type_denylist check to properly escape regex metacharacters. This oversight allows attackers to upload potentially malicious SVG files containing arbitrary JavaScript, leading to stored XSS vulnerabilities. The affected versions do not accurately match the intended content types on the denylist, making applications reliant on this security feature vulnerable to exploitation. The issue is resolved in versions 2.2.7 and 3.1.3, emphasizing the critical nature of keeping software up to date.
Affected Version(s)
carrierwave < 2.2.7 < 2.2.7
carrierwave >= 3.0.0.rc, < 3.1.3 < 3.0.0.rc, 3.1.3