GHSA-m42x-37p3-fv5w

Source

https://github.com/advisories/GHSA-m42x-37p3-fv5w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-m42x-37p3-fv5w/GHSA-m42x-37p3-fv5w.json

Aliases

CVE-2020-8162

Published

2020-05-26T15:09:48Z

Modified

2024-02-22T05:37:26.373913Z

Summary

Circumvention of file size limits in ActiveStorage

Details

There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Versions Affected: rails < 5.2.4.2, rails < 6.0.3.1 Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter. Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

Impact

Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.

Workarounds

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.

References

Affected packages

RubyGems / activestorage

Package

Name: activestorage

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.0.0

Fixed

5.2.4.3

Affected versions

5.*

5.2.0.beta1

5.2.0.beta2

5.2.0.rc1

5.2.0.rc2

5.2.0

5.2.1.rc1

5.2.1

5.2.1.1

5.2.2.rc1

5.2.2

5.2.2.1

5.2.3.rc1

5.2.3

5.2.4.rc1

5.2.4

5.2.4.1

5.2.4.2

Database specific

{
    "last_known_affected_version_range": "<= 5.2.4.2"
}

RubyGems / activestorage

Package

Name: activestorage

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.0.3.1

Affected versions

6.*

6.0.0

6.0.1.rc1

6.0.1

6.0.2.rc1

6.0.2.rc2

6.0.2

6.0.2.1

6.0.2.2

6.0.3.rc1

6.0.3

Database specific

{
    "last_known_affected_version_range": "<= 6.0.3"
}