3 matches found
CVE-2018-16477
A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...
CVE-2018-16477
CVE-2018-16477 describes a bypass vulnerability in Rails Active Storage (version >= 5.2.0) for Google Cloud Storage and the Disk service. The issue allows an attacker to modify the content-disposition and content-type parameters, enabling inline execution of HTML files. When combined with othe...
Bypass vulnerability in Active Storage
There is a vulnerability in Active Storage. This vulnerability has been assigned the CVE identifier CVE-2018-16477. Versions Affected: = 5.2.0 Not affected: 5.2.0 Fixed Versions: 5.2.1.1 Impact ------ Signed download URLs generated by ActiveStorage for Google Cloud Storage service and Disk servic...