Описание
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
A flaw was found in rubygem-activestorage. The ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user. The highest threat from this vulnerability is to data integrity.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-gemset | Will not fix | ||
| Red Hat Satellite 6.9 for RHEL 7 | ansible-collection-redhat-satellite | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansiblerole-satellite-receptor-installer | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | ansible-runner | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | candlepin | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | createrepo_c | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | foreman | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | foreman-bootloaders-redhat | Fixed | RHSA-2021:1313 | 21.04.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
A client side enforcement of server side security vulnerability exists ...
Circumvention of file size limits in ActiveStorage
Уязвимость программной платформы Ruby on Rails, связанная с реализацией функций безопасности на стороне клиента, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS3