{"id":"CVE-2024-29034","summary":"CarrierWave's Content-Type allowlist bypass vulnerability which possibly leads to XSS remained","details":"CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.\n","aliases":["GHSA-vfmv-jfc5-pjjw"],"modified":"2026-04-10T05:11:42.108191Z","published":"2024-03-24T19:27:35.996Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-436","CWE-79"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29034.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/29xxx/CVE-2024-29034.json"},{"type":"ADVISORY","url":"https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29034"},{"type":"FIX","url":"https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/carrierwaveuploader/carrierwave","events":[{"introduced":"269c37a6c8609c26915f31ccfada512ef12fb3cb"},{"fixed":"cf2f011774ff449b3107c422540610e698d3dc28"}],"database_specific":{"versions":[{"introduced":"3.0.0"},{"fixed":"3.0.7"}]}},{"type":"GIT","repo":"https://github.com/carrierwaveuploader/carrierwave","events":[{"introduced":"0"},{"fixed":"eb6359e79fee43d1c480b0f50d9a585b3c3b1c1c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.2.6"}]}}],"versions":["v0.1.0","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.4.2","v0.4.3","v0.4.5","v0.5.0","v0.5.0.beta2","v0.5.1","v0.5.3","v0.5.5","v0.5.6","v0.5.8","v0.6.0","v0.6.1","v0.6.2","v0.7.0","v0.7.1","v0.8.0","v1.0.0","v1.0.0.beta","v1.0.0.rc","v1.1.0","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.3.0","v1.3.1","v2.0.0","v2.0.0.rc","v2.0.1","v2.0.2","v2.1.0","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.2.4","v2.2.5","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.0.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29034.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N"}]}