A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path.

Vulnerable apps are those using either GCS or the Disk service in production. Other storage services such as S3 or Azure aren't affected.

Affected Packages

RubyGems activestorage

Affected versions: 5.2.0 (fixed in 5.2.1.1)

Related CVEs

CVE-2018-16477

Key Information

GHSA ID

GHSA-7rr7-rcjw-56vj

Published

December 5, 2018 5:17 PM

Last Modified

July 5, 2023 7:08 PM

CVSS Score

5.0 /10

Primary Ecosystem

RubyGems

Primary Package

activestorage

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 1, 2025 6:44 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.