
CVE-2020-8162

Published 2020-06-19T17:02:42


Description

A client-side enforcement of server-side security vulnerability exists in the ActiveStorage S3 adapter in Rails < 5.2.4.2 and Rails < 6.0.3.1: the Content-Length of a direct file upload can be modified by the end user, bypassing the application's upload size limits.


GitHub Security Advisories

GitHub Reviewed, severity: HIGH

Circumvention of file size limits in ActiveStorage

GHSA-m42x-37p3-fv5w

Advisory Details

There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Versions Affected: rails < 5.2.4.2, rails < 6.0.3.1
Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

Impact

Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.

Workarounds

This is a low-severity security issue. As such, no workaround is necessary until such time as the application can be upgraded.
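The mechanism behind the advisory above is that a presigned S3 PUT URL only binds the request headers listed in X-Amz-SignedHeaders into the signature. If the adapter validates the blob size server-side but Content-Length is not among the signed headers, the browser can send the same URL with any Content-Length and S3 still accepts it; the signature never covered that header. The following is an added, stand-alone Ruby example, not code from Rails, ActiveStorage or the aws-sdk: a minimal hand-rolled SigV4 presigner plus a simplified stand-in for S3's signature check, run once with Content-Length left unsigned (the vulnerable behaviour) and once with it signed (what the upstream fix does, to my recollection by adding content-length to the SDK presigner's signed-header list). The access key, secret, bucket host, blob key and 10 MiB limit are all constructed for the demonstration.

```ruby
require "openssl"
require "uri"

# Constructed values for the demonstration only (not real credentials).
ACCESS_KEY   = "AKIAIOSFODNN7EXAMPLE"
SECRET_KEY   = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
REGION       = "us-east-1"
HOST         = "example-bucket.s3.amazonaws.com"
BLOB_PATH    = "/uploads/0f3c2a"        # hypothetical ActiveStorage blob key
UPLOAD_LIMIT = 10 * 1024 * 1024         # the app's server-side limit (10 MiB)

def hmac(key, data)
  OpenSSL::HMAC.digest("sha256", key, data)
end

# RFC 3986 encoding as SigV4 requires (only unreserved characters left bare).
def uri_encode(s)
  s.to_s.gsub(/[^A-Za-z0-9\-_.~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

def signing_key(date)
  k = hmac("AWS4" + SECRET_KEY, date)
  k = hmac(k, REGION)
  k = hmac(k, "s3")
  hmac(k, "aws4_request")
end

# SigV4 signature for a presigned PUT with UNSIGNED-PAYLOAD. Only the headers named
# in signed_names are bound into the signature; any other header can be changed freely.
def sigv4_signature(method, path, query, headers, signed_names, amz_date)
  names             = signed_names.map(&:downcase).sort
  canonical_headers = names.map { |n| "#{n}:#{headers.fetch(n).to_s.strip}\n" }.join
  canonical_query   = query.sort.map { |k, v| "#{uri_encode(k)}=#{uri_encode(v)}" }.join("&")
  canonical_request = [method, path, canonical_query, canonical_headers,
                       names.join(";"), "UNSIGNED-PAYLOAD"].join("\n")
  date  = amz_date[0, 8]
  scope = "#{date}/#{REGION}/s3/aws4_request"
  string_to_sign = ["AWS4-HMAC-SHA256", amz_date, scope,
                    OpenSSL::Digest::SHA256.hexdigest(canonical_request)].join("\n")
  OpenSSL::HMAC.hexdigest("sha256", signing_key(date), string_to_sign)
end

# Application side: issue a direct-upload URL for a blob whose size has already been
# validated. sign_content_length: false mirrors the vulnerable adapter (Content-Length
# omitted from X-Amz-SignedHeaders); true mirrors the fixed behaviour.
def presign_put(content_length, sign_content_length:, amz_date: "20200526T120000Z")
  raise ArgumentError, "upload exceeds limit" if content_length > UPLOAD_LIMIT
  names   = sign_content_length ? %w[content-length host] : %w[host]
  headers = { "host" => HOST, "content-length" => content_length.to_s }
  query = {
    "X-Amz-Algorithm"     => "AWS4-HMAC-SHA256",
    "X-Amz-Credential"    => "#{ACCESS_KEY}/#{amz_date[0, 8]}/#{REGION}/s3/aws4_request",
    "X-Amz-Date"          => amz_date,
    "X-Amz-Expires"       => "300",
    "X-Amz-SignedHeaders" => names.join(";"),
  }
  query["X-Amz-Signature"] = sigv4_signature("PUT", BLOB_PATH, query, headers, names, amz_date)
  "https://#{HOST}#{BLOB_PATH}?" + query.map { |k, v| "#{k}=#{uri_encode(v)}" }.join("&")
end

# Storage side (simplified stand-in for S3): recompute the signature over the headers the
# client actually sent, using the signed-header list the URL itself carries.
def s3_accepts?(url, request_headers)
  uri     = URI(url)
  query   = URI.decode_www_form(uri.query).to_h
  claimed = query.delete("X-Amz-Signature")
  names   = query["X-Amz-SignedHeaders"].split(";")
  return false unless names.all? { |n| request_headers.key?(n) }
  expected = sigv4_signature("PUT", uri.path, query, request_headers, names, query["X-Amz-Date"])
  return false unless claimed.bytesize == expected.bytesize
  if OpenSSL.respond_to?(:fixed_length_secure_compare)
    OpenSSL.fixed_length_secure_compare(claimed, expected)
  else
    claimed == expected
  end
end

# The server signs a URL for exactly UPLOAD_LIMIT bytes; the client then PUTs either that
# size (honest) or 100x the limit (oversized) against the same URL.
def demo(sign_content_length:)
  url       = presign_put(UPLOAD_LIMIT, sign_content_length: sign_content_length)
  honest    = { "host" => HOST, "content-length" => UPLOAD_LIMIT.to_s }
  oversized = { "host" => HOST, "content-length" => (100 * UPLOAD_LIMIT).to_s }
  { honest: s3_accepts?(url, honest), oversized: s3_accepts?(url, oversized) }
end

puts "Content-Length unsigned (vulnerable): #{demo(sign_content_length: false)}"
puts "Content-Length signed (fixed):        #{demo(sign_content_length: true)}"
```

With Content-Length unsigned, both the honest and the oversized PUT verify, because the server's size check happened before signing and nothing in the URL carries it forward; with Content-Length signed, the oversized PUT fails verification and the client cannot produce a valid signature for any other size without the secret key. When reviewing a direct-upload integration, the thing to check is therefore the X-Amz-SignedHeaders value of the issued URL, not the presence of a size check in the application code.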

Affected Packages

RubyGems activestorage: >= 5.0.0, < 5.2.4.3
RubyGems activestorage: >= 6.0.0, < 6.0.3.1

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Advisory provided by GitHub Security Advisory Database. Published: May 26, 2020, Modified: July 5, 2023

Last Modified: 2024-08-04T09:48:25.603Z