CVE-2020-8162

Summary

A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/railsrails >= 5.2.4.3, rails >= 6.0.3.1affected

Weaknesses

  • CWE-602: Client-Side Enforcement of Server-Side Security (CWE-602)

ADP Enrichment

CVE Program Container

Additional References

References