Contents

---
gem: activestorage
framework: rails
cve: 2020-8162
url: https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
title: Circumvention of file size limits in ActiveStorage
date: 2020-05-18

description: |
  There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a
  direct file upload to be modified by an end user.

  Versions Affected:  rails < 5.2.4.2, rails < 6.0.3.1
  Not affected:       Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.
  Fixed Versions:     rails >= 5.2.4.3, rails >= 6.0.3.1

  Impact
  ------

  Utilizing this vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a
  new signature from the server. This could be used to bypass controls in place on the server to limit upload size.

  Workarounds
  -----------

  This is a low-severity security issue. As such, no workaround is necessarily
  until such time as the application can be upgraded.

patched_versions:
  - "~> 5.2.4.3"
  - ">= 6.0.3.1"

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/gems/activestorage/CVE-2020-8162.yml