carrierwaveuploader/carrierwave#1933 indicates that there's a vulnerability in the way we handle uploads. When a fix is available we need to upgrade carrierwave.
The policy.xml will restrict what ImageMagick is able to do but there's an underlying problem in that we were able to get the exploit through whitehall by simply changing the file extension from mvg to jpg. I think that's what the linked issue is referring to - carrierwave should be more robust when checking what kind of file is being uploaded, and we should blacklist things that don't match image formats we accept.
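
An added example, not part of the issue thread and not carrierwave's own code: one way to accept an upload only when its leading bytes match the image format its extension claims, so that MVG content renamed to `.jpg` is rejected before it reaches ImageMagick. The names `IMAGE_SIGNATURES`, `sniffed_formats` and `acceptable_upload?` are hypothetical, and the sample inputs are constructed.

```ruby
require "stringio"

# Allowlist of accepted image formats and the magic bytes each must start with.
# Anything not listed here (including mvg) is rejected outright.
IMAGE_SIGNATURES = {
  "jpg"  => ["\xFF\xD8\xFF".b],
  "jpeg" => ["\xFF\xD8\xFF".b],
  "png"  => ["\x89PNG\r\n\x1A\n".b],
  "gif"  => ["GIF87a".b, "GIF89a".b],
}.freeze

# Returns the allowlisted format names whose signature matches the leading bytes.
def sniffed_formats(head)
  head = head.to_s.b
  IMAGE_SIGNATURES.select { |_, sigs| sigs.any? { |sig| head.start_with?(sig) } }.keys
end

# True only if the extension is allowlisted AND the content agrees with it.
# The file name alone is never trusted, since the uploader controls it.
def acceptable_upload?(filename, io)
  ext = File.extname(filename.to_s).delete_prefix(".").downcase
  return false unless IMAGE_SIGNATURES.key?(ext)

  head = io.read(16) # enough bytes to cover every signature above
  io.rewind          # leave the stream usable for later processing
  sniffed_formats(head).include?(ext)
end

# Constructed sample inputs: a JPEG header and harmless MVG drawing text.
SAMPLE_JPEG = "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01".b
SAMPLE_MVG  = "push graphic-context\nviewbox 0 0 640 480\npop graphic-context\n".b

if __FILE__ == $PROGRAM_NAME
  {
    ["photo.jpg", SAMPLE_JPEG]  => "real JPEG",
    ["photo.jpg", SAMPLE_MVG]   => "MVG renamed to .jpg",
    ["drawing.mvg", SAMPLE_MVG] => "MVG under its own extension",
  }.each do |(name, bytes), label|
    verdict = acceptable_upload?(name, StringIO.new(bytes)) ? "accept" : "reject"
    puts "#{label}: #{verdict}"
  end
end
```

A signature check like this complements the policy.xml restriction rather than replacing it, because a file can start with valid magic bytes and still be malformed.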