GHSA-m42x-37p3-fv5w

Source
https://github.com/advisories/GHSA-m42x-37p3-fv5w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-m42x-37p3-fv5w/GHSA-m42x-37p3-fv5w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m42x-37p3-fv5w
Aliases
Published
2020-05-26T15:09:48Z
Modified
2024-02-22T05:37:26.373913Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Circumvention of file size limits in ActiveStorage
Details

There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Versions Affected: rails < 5.2.4.2, rails < 6.0.3.1
Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

Impact

Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.

Workarounds

This is a low-severity security issue. As such, no workaround is necessary until such time as the application can be upgraded.

Database specific
{
    "nvd_published_at": "2020-06-19T17:15:00Z",
    "cwe_ids": [
        "CWE-434",
        "CWE-602"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-05-26T15:06:42Z"
}
References

Affected packages

RubyGems / activestorage

Package

Name
activestorage
Purl
pkg:gem/activestorage

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.2.4.3

Affected versions

5.*

5.2.0.beta1
5.2.0.beta2
5.2.0.rc1
5.2.0.rc2
5.2.0
5.2.1.rc1
5.2.1
5.2.1.1
5.2.2.rc1
5.2.2
5.2.2.1
5.2.3.rc1
5.2.3
5.2.4.rc1
5.2.4
5.2.4.1
5.2.4.2

Database specific

{
    "last_known_affected_version_range": "<= 5.2.4.2"
}

RubyGems / activestorage

Package

Name
activestorage
Purl
pkg:gem/activestorage

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.3.1

Affected versions

6.*

6.0.0
6.0.1.rc1
6.0.1
6.0.2.rc1
6.0.2.rc2
6.0.2
6.0.2.1
6.0.2.2
6.0.3.rc1
6.0.3

Database specific

{
    "last_known_affected_version_range": "<= 6.0.3"
}