Bug 1843005 (CVE-2020-8162)

Summary: CVE-2020-8162 rubygem-activestorage: circumvention of file size limits in ActiveStorage
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: akarol, bbuckingham, bcourt, bkearney, btotty, dmetzger, gmccullo, gtanzill, hhudgeon, jhardy, lzap, mmccune, nmoumoul, rchan, rjerrido, roliveri, ruby-packagers-sig, simaishi, smallamp, sokeeffe, vondruch
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: rubygem-activestorage-5.2.4.3, rubygem-activestorage-6.0.3.1 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in rubygem-activestorage. The ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. The highest threat from this vulnerability is to data integrity.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-08 13:50:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1842995, 1842996, 1843006    
Bug Blocks: 1843007    

Description Guilherme de Almeida Suckevicz 2020-06-02 14:32:36 UTC 
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Reference:
https://groups.google.com/forum/#!msg/rubyonrails-security/PjU3946mreQ/Dn-6uLbAAQAJ
Comment 1 Guilherme de Almeida Suckevicz 2020-06-02 14:32:54 UTC 
Created rubygem-activestorage tracking bugs for this issue:

Affects: fedora-all [bug 1843006]
Comment 4 Yadnyawalk Tale 2020-06-03 18:31:28 UTC 
HackerOne Report: https://hackerone.com/reports/789579

GitHub Commit: https://github.com/rails/rails/commit/c0ab9a7d29b84a6ccb1ffa3e8ca1ce61f7a9fbb8
Comment 5 Yadnyawalk Tale 2020-06-03 18:31:33 UTC 
External References:

https://groups.google.com/forum/#!msg/rubyonrails-security/PjU3946mreQ/Dn-6uLbAAQAJ