Product
high
advisory
Rails Active Storage Path Traversal Vulnerability
2 rules 1 TTPA path traversal vulnerability (CVE-2026-33195) exists in Rails Active Storage's DiskService#path_for, potentially allowing attackers to read, write, or delete arbitrary files on the server by crafting blob keys with path traversal sequences, impacting applications that pass user input as blob keys.
Active Storage
rails
path traversal
cve-2026-33195
2r
1t
high
advisory
Rails Active Storage Vulnerability Allows Arbitrary File Deletion
2 rules 1 TTPA vulnerability in Rails Active Storage allows attackers to delete arbitrary files in the storage directory by exploiting glob metacharacters in blob keys passed to `Dir.glob`.
Active Storage
rails
active_storage
file_deletion
vulnerability
2r
1t