Description

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

Remediation

References

CVE-2020-8162

Related Vulnerabilities

WordPress Plugin Zoho Marketing Automation SQL Injection (1.2.7)

WordPress Plugin Easing Slider Multiple Cross-Site Scripting Vulnerabilities (2.2.0.6)

WordPress Plugin Resim Ara Cross-Site Scripting (3.0)

Vanilla Forums Other Vulnerability (CVE-2011-3614)

Internet Information Services Other Vulnerability (CVE-2000-1104)

Severity

High

Classification

CVE-2020-8162 CWE-434 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities