GHSA-m42x-37p3-fv5w

Suggest an improvement
Source
https://github.com/advisories/GHSA-m42x-37p3-fv5w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/05/GHSA-m42x-37p3-fv5w/GHSA-m42x-37p3-fv5w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m42x-37p3-fv5w
Aliases
Published
2020-05-26T15:09:48Z
Modified
2024-02-22T05:37:26.373913Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Circumvention of file size limits in ActiveStorage
Details

There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Versions Affected: rails < 5.2.4.2, rails < 6.0.3.1 Not affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter. Fixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1

Impact

Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server. This could be used to bypass controls in place on the server to limit upload size.

Workarounds

This is a low-severity security issue. As such, no workaround is necessarily until such time as the application can be upgraded.

References

Affected packages

RubyGems / activestorage

Package

Name
activestorage
Purl
pkg:gem/activestorage

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.2.4.3

Affected versions

5.*

5.2.0.beta1
5.2.0.beta2
5.2.0.rc1
5.2.0.rc2
5.2.0
5.2.1.rc1
5.2.1
5.2.1.1
5.2.2.rc1
5.2.2
5.2.2.1
5.2.3.rc1
5.2.3
5.2.4.rc1
5.2.4
5.2.4.1
5.2.4.2

Database specific

{
    "last_known_affected_version_range": "<= 5.2.4.2"
}

RubyGems / activestorage

Package

Name
activestorage
Purl
pkg:gem/activestorage

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.0.3.1

Affected versions

6.*

6.0.0
6.0.1.rc1
6.0.1
6.0.2.rc1
6.0.2.rc2
6.0.2
6.0.2.1
6.0.2.2
6.0.3.rc1
6.0.3

Database specific

{
    "last_known_affected_version_range": "<= 6.0.3"
}