Bug 1843005 (CVE-2020-8162) - CVE-2020-8162 rubygem-activestorage: circumvention of file size limits in ActiveStorage
Summary: CVE-2020-8162 rubygem-activestorage: circumvention of file size limits in Act...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-8162
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1842995 1842996 1843006
Blocks: 1843007
TreeView+ depends on / blocked
 
Reported: 2020-06-02 14:32 UTC by Guilherme de Almeida Suckevicz
Modified: 2021-12-14 18:47 UTC (History)
21 users (show)

Fixed In Version: rubygem-activestorage-5.2.4.3, rubygem-activestorage-6.0.3.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in rubygem-activestorage. The ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. The highest threat from this vulnerability is to data integrity.
Clone Of:
Environment:
Last Closed: 2021-11-08 13:50:59 UTC
Embargoed:

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2020-06-02 14:32:36 UTC 
There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user.

Reference:
https://groups.google.com/forum/#!msg/rubyonrails-security/PjU3946mreQ/Dn-6uLbAAQAJ
Comment 1 Guilherme de Almeida Suckevicz 2020-06-02 14:32:54 UTC 
Created rubygem-activestorage tracking bugs for this issue:

Affects: fedora-all [bug 1843006]
Comment 4 Yadnyawalk Tale 2020-06-03 18:31:28 UTC 
HackerOne Report: https://hackerone.com/reports/789579

GitHub Commit: https://github.com/rails/rails/commit/c0ab9a7d29b84a6ccb1ffa3e8ca1ce61f7a9fbb8
Comment 5 Yadnyawalk Tale 2020-06-03 18:31:33 UTC 
External References:

https://groups.google.com/forum/#!msg/rubyonrails-security/PjU3946mreQ/Dn-6uLbAAQAJ
Note You need to log in before you can comment on or make changes to this bug.