-
-
Notifications
You must be signed in to change notification settings - Fork 221
/
CVE-2020-8162.yml
31 lines (26 loc) · 1.09 KB
/
CVE-2020-8162.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
---
gem: activestorage
framework: rails
cve: 2020-8162
ghsa: m42x-37p3-fv5w
url: https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
title: Circumvention of file size limits in ActiveStorage
date: 2020-05-18
description: |
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a
direct file upload to be modified by an end user.
Versions Affected: rails < 5.2.4.2, rails < 6.0.3.1
Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1
Impact
------
Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a
new signature from the server. This could be used to bypass controls in place on the server to limit upload size.
Workarounds
-----------
This is a low-severity security issue. As such, no workaround is necessarily
until such time as the application can be upgraded.
cvss_v3: 7.5
patched_versions:
- "~> 5.2.4, >= 5.2.4.3"
- ">= 6.0.3.1"