Description
A client-side enforcement of server-side security vulnerability exists in the ActiveStorage S3 adapter in Rails < 5.2.4.2 and Rails < 6.0.3.1. It allows an end user to modify the Content-Length of a direct file upload, bypassing upload limits.
Remediation
References