The Paperclip Ruby gem, version 3.1.4 and later, suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources. Upstream bug: https://github.com/thoughtbot/paperclip/pull/2435
Statement: Red Hat CloudForms 4 shipped the vulnerable paperclip ruby gem; however, this ruby gem was removed in CloudForms 5.8. As this issue has been addressed in CloudForms 5.8, and the issue is only rated moderate, Red Hat Security will not be fixing this issue in CloudForms 5.7.
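
For applications that still pass user-supplied URLs to a server-side fetcher, a generic destination check for the SSRF class described above can run before the fetch. This is an added example, not Paperclip's code and not the upstream patch; `check_remote_url`, `BLOCKED_NETS` and the injectable `resolver:` are hypothetical names, and the block list is an assumed policy.

```ruby
require 'uri'
require 'ipaddr'
require 'resolv'

# Assumed policy: ranges a server should not fetch from on a user's behalf
# (loopback, RFC 1918, CGNAT, link-local incl. cloud metadata, IPv6 local).
BLOCKED_NETS = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# Default resolver: every A/AAAA record for the host.
DEFAULT_RESOLVER = ->(host) { Resolv.getaddresses(host) }

# Returns [true, addresses] when the URL is http(s) and every address the
# host resolves to is outside BLOCKED_NETS; otherwise [false, reason].
def check_remote_url(url, resolver: DEFAULT_RESOLVER)
  uri = begin
    URI.parse(url.to_s)
  rescue URI::InvalidURIError
    return [false, 'unparseable URL']
  end
  return [false, 'scheme not allowed'] unless %w[http https].include?(uri.scheme.to_s.downcase)

  host = uri.hostname # strips the brackets from IPv6 literals
  return [false, 'missing host'] if host.nil? || host.empty?

  addrs = begin
    [IPAddr.new(host).to_s] # host is already an IP literal
  rescue IPAddr::InvalidAddressError
    resolver.call(host)
  end
  return [false, 'host does not resolve'] if addrs.empty?

  addrs.each do |a|
    ip = IPAddr.new(a)
    ip = ip.native if ip.ipv4_mapped? # ::ffff:10.0.0.1 -> 10.0.0.1
    return [false, "#{a} is an internal address"] if BLOCKED_NETS.any? { |n| n.include?(ip) }
  end
  [true, addrs]
end
```

The check is only effective if the HTTP client then connects to one of the vetted addresses rather than resolving the name again, and if every redirect target goes through the same check.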