DEBIAN-CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
Design/Logic Flaw
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
UBUNTU-CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
CVE-2020-8162
CVE-2020-8162 affects Rails ActiveStorage’s S3 direct-upload functionality. The issue arises from client-side enforcement that bypasses server-side upload-size limits by changing the Content-Length of the direct upload URL. Impacted products/versions include Rails < 5.2.4.2 and Rails
CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
CVE-2020-8162
A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
Unrestricted Upload of File with Dangerous Type
A client side enforcement of server side security vulnerability exists in rails and rails ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits...
CVE-2020-8162
A flaw was found in rubygem-activestorage. ActiveStorage's S3 adapter allows the Content-Length of a direct file upload to be modified by an end user. The highest threat from this vulnerability is to data integrity...
GHSA-M42X-37P3-FV5W Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1. Impact: Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...
Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1. Impact: Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...
FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)
Ruby on Rails blog: Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes: CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible...
Improper Validation
Overview Affected versions of this package are vulnerable to Improper Validation. Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to...
Unrestricted File Upload
activestorage allows unrestricted file uploads. The Content-Length in the signature for ActiveStorage direct upload is not validated, allowing an attacker to upload a file with an arbitrary file size or bypass controls in place on the server...
Circumvention of file size limits in ActiveStorage
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. Versions Affected: rails = 5.2.4.3, rails = 6.0.3.1. Impact: Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct...
Rails -- multiple vulnerabilities
Ruby on Rails blog: Hi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can. Both releases contain the following fixes: CVE-2020-8162: Circumvention of file size limits in ActiveStorage CVE-2020-8164: Possible Stro...
Ruby on Rails: ActiveStorage direct upload fails to sign content-length header for S3 service
When a user makes a direct upload using ActiveStorage, the browser makes a request to the DirectUploadsController containing the direct_upload parameters filename, content_type, byte_size, and checksum. These are used to generate a presigned URL that is then passed back to the browser, allowing the...
HackerOne: ActiveStorage throws exception when using whitespace as filename, may lead to denial of service of multiple pages
Summary: Hi team, I've found an issue on the profile picture upload feature of your asset - https://hackerone.com, which can allow a malicious attacker to perform an application-wide denial of service attack. Description: I was playing with the profile picture upload feature, then I observed that...
Ruby on Rails Active Storage Insecure Deserialization (CVE-2019-5420)
An insecure deserialization vulnerability exists in Ruby on Rails' ActiveStorage component. Successful exploitation of this vulnerability could allow a remote authenticated attacker with at least author-level privileges to execute arbitrary code on the affected system...
[SECURITY] Fedora 30 Update: rubygem-activestorage-5.2.3-1.fc30
Attach cloud and local files in Rails applications...
Fedora Update for rubygem-activestorage FEDORA-2019-1cfe24db5c
The remote host is missing an update for the...