CVE-2020-8162
19.06.2020, 17:15
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.Enginsight
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | rails | 𝑥 < 5.2.4.2 |
| rubyonrails | rails | 6.0.0 ≤ 𝑥 < 6.0.3.1 |
| debian | debian_linux | 10.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| rails |
| ||||||||||||||||||||||||||
| rails-4.0 |
| ||||||||||||||||||||||||||
| ruby-actionpack-3.2 |
| ||||||||||||||||||||||||||
| ruby-activemodel-3.2 |
| ||||||||||||||||||||||||||
| ruby-activerecord-3.2 |
| ||||||||||||||||||||||||||
| ruby-activesupport-3.2 |
| ||||||||||||||||||||||||||
| ruby-rails-3.2 |
|
Common Weakness Enumeration
- CWE-602 - Client-Side Enforcement of Server-Side SecurityThe product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
- CWE-434 - Unrestricted Upload of File with Dangerous TypeThe software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.