CVE-2020-8162
gem/rails
Unrestricted Upload of File with Dangerous Type
A client-side enforcement of server-side security vulnerability exists in Rails ActiveStorage's S3 adapter that allows an end user to modify the Content-Length of a direct file upload, bypassing upload limits.
All versions before 5.2.4.2, all versions starting from 6.0.0 before 6.0.3.1
Upgrade to versions 5.2.4.2, 6.0.3.1 or above.
2020-06-25
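
The affected ranges above, applied to a Gemfile.lock; this is an added example, not part of the advisory or of Rails. The lockfile fragment is constructed, and checking the `activestorage` gem alongside `rails` is an assumption of the example.

```ruby
require "rubygems"

# Affected ranges exactly as listed in the advisory text.
AFFECTED = [
  Gem::Requirement.new("< 5.2.4.2"),
  Gem::Requirement.new(">= 6.0.0", "< 6.0.3.1"),
].freeze

# "rails" is the gem named by the advisory; "activestorage" is added here
# as an assumption, since apps may lock it without the rails meta-gem.
GEMS = %w[rails activestorage].freeze

# Constructed sample Gemfile.lock fragment (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activestorage (6.0.3)
        actionpack (= 6.0.3)
      rails (6.0.3)
        activestorage (= 6.0.3)
      rack (2.2.3)
LOCK

# True when the version string falls inside one of the affected ranges.
def affected?(version)
  v = Gem::Version.new(version)
  AFFECTED.any? { |req| req.satisfied_by?(v) }
end

# Returns { gem_name => locked_version } for watched gems in an affected range.
# Only resolved spec lines (four-space indent) are read; the six-space
# dependency-constraint lines beneath them are skipped.
def vulnerable_gems(lock_text)
  lock_text.each_line.with_object({}) do |line, hits|
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    next unless m
    name, version = m[1], m[2]
    next unless GEMS.include?(name) && Gem::Version.correct?(version)
    hits[name] = version if affected?(version)
  end
end

if __FILE__ == $PROGRAM_NAME
  vulnerable_gems(SAMPLE_LOCK).each do |name, version|
    puts "#{name} #{version} is in the range affected by CVE-2020-8162"
  end
end
```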