CVE-2020-8162

Unrestricted Upload of File with Dangerous Type in gem/rails

Identifiers

CVE-2020-8162

Package Slug

gem/rails

Vulnerability

Unrestricted Upload of File with Dangerous Type

Description

A client-side enforcement of server-side security vulnerability exists in Rails and the Rails ActiveStorage S3 adapter: the Content-Length of a direct file upload can be modified by an end user, bypassing upload limits.
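As an added illustration of the defender-side principle behind this advisory (not Rails' own code and not the upstream fix): after a direct upload completes, check the size of the object that actually reached the bucket against the blob's declared size and the policy limit, rather than trusting a client-supplied Content-Length. The blob, store and limit below are simplified stand-ins.

```ruby
# Assumed policy limit for illustration: 10 MiB.
MAX_UPLOAD_BYTES = 10 * 1024 * 1024

# Stand-in for the blob record created before the direct upload; byte_size is
# the value the client declared when it requested the presigned URL.
DeclaredBlob = Struct.new(:key, :byte_size)

# Stand-in for an object store: head(key) reports the size actually stored,
# the way an S3 HEAD request reports Content-Length. Contents are constructed.
class ConstructedStore
  def initialize(objects)
    @objects = objects # key => stored bytes
  end

  def head(key)
    bytes = @objects[key]
    return nil unless bytes
    { content_length: bytes.bytesize }
  end
end

class UploadRejected < StandardError; end

# Server-side check: the stored object, not the client's claim, is the truth.
def verify_direct_upload!(blob, store, limit: MAX_UPLOAD_BYTES)
  meta = store.head(blob.key)
  raise UploadRejected, "object #{blob.key} not found" if meta.nil?
  actual = meta[:content_length]
  if actual != blob.byte_size
    raise UploadRejected, "declared #{blob.byte_size} bytes, stored #{actual}"
  end
  raise UploadRejected, "#{actual} bytes exceeds limit #{limit}" if actual > limit
  actual
end

# Convenience wrapper returning :ok or the rejection reason.
def check_direct_upload(blob, store, limit: MAX_UPLOAD_BYTES)
  verify_direct_upload!(blob, store, limit: limit)
  :ok
rescue UploadRejected => e
  e.message
end
```

Only an upload whose stored size matches the declared size and stays under the limit is attached; a mismatch or oversize object is rejected before it is ever linked to a record.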

Affected Versions

All versions before 5.2.4.2, all versions starting from 6.0.0 before 6.0.3.1

Solution

Upgrade to versions 5.2.4.2, 6.0.3.1 or above.

Last Modified

2020-06-25
