Is activestorage affected by CVE-2022-21831?

RubyGems activestorage is affected in >=5.2.0 =6.0.0 =6.1.0 =7.0.0 <7.0.2.3.

Is CVE-2022-21831 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 2.8%.

critical

CVE-2022-21831

Q: Is CVE-2022-21831 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 2.8%.

RubyGems · activestorage

Summary

Possible code injection vulnerability in Rails / Active Storage

Severity: critical
EPSS: 2.8% (p85)
Also known as: GHSA-w749-p3v6-hccq
Published: 2022-03-08

References

https://nvd.nist.gov/vuln/detail/CVE-2022-21831
https://github.com/rails/rails/commit/0a72f7d670e9aa77a0bb8584cb1411ddabb7546e
https://github.com/advisories/GHSA-w749-p3v6-hccq

Related advisories

CVE-2025-24293 — critical · RubyGems/activestorage
CVE-2026-33195 — high · RubyGems/activestorage
CVE-2020-8162 — high · RubyGems/activestorage
CVE-2026-33202 — medium · RubyGems/activestorage
CVE-2026-33174 — medium · RubyGems/activestorage
CVE-2026-33173 — medium · RubyGems/activestorage
CVE-2024-26144 — medium · RubyGems/activestorage

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.