Miggo Logo
Book a Demo
Miggo Vulnerability Database
CVE-2022-21831

CVE-2022-21831:
Possible code injection vulnerability in Rails / Active Storage

9.8

CVSS Score

Basic Information

CVE ID
CVE-2022-21831
GHSA ID
GHSA-w749-p3v6-hccq
EPSS Score
-
CWE
CWE-94
Published
3/8/2022
Updated
3/22/2023
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
activestoragerubygems>= 5.2.0, <= 5.2.6.25.2.6.3
activestoragerubygems>= 6.0.0, <= 6.0.4.66.0.4.7
activestoragerubygems>= 6.1.0, <= 6.1.4.66.1.4.7
activestoragerubygems>= 7.0.0, <= 7.0.2.27.0.2.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unvalidated processing of image transformation parameters. The operations method iterated over transformations and built ImageMagick commands without checking if the method names/arguments were safe. The patch added validation logic (validate_transformation) to this method, confirming this was the injection point. Pre-patch versions allowed dangerous arguments like '-write /tmp/file.erb' to be passed directly to ImageMagick.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** **tiv* Stor*** mo*ul* o* R*ils st*rtin* wit* v*rsion *.*.* is possi*ly vuln*r**l* to *o** inj**tion. T*is issu* w*s p*t**** in v*rsions *.*.*.*, *.*.*.*, *.*.*.*, *n* *.*.*.*. To work *roun* t*is issu*, *ppli**tions s*oul* impl*m*nt * stri*t *llo

Reasoning

T** vuln*r**ility st*ms *rom unv*li**t** pro**ssin* o* im*** tr*ns*orm*tion p*r*m*t*rs. T** `op*r*tions` m*t*o* it*r*t** ov*r tr*ns*orm*tions *n* *uilt Im***M**i*k *omm*n*s wit*out ****kin* i* t** m*t*o* n*m*s/*r*um*nts w*r* s***. T** p*t** ***** v*l