Rails Activestorage
6 CVEs affecting Rails Activestorage. Latest disclosed: 2026-03-26. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-33658 | Medium | 6.5 | 2026-03-26 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy contr… |
CVE-2026-33202 | | 2026-03-23 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskServi… | |
CVE-2026-33195 | | 2026-03-23 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskServi… | |
CVE-2026-33174 | | 2026-03-23 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through… | |
CVE-2026-33173 | | 2026-03-23 | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` a… | |
CVE-2025-24293 | | 2026-01-30 | # Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation me… |