A client-side enforcement of server-side security vulnerability exists in the ActiveStorage S3 adapter in Rails < 5.2.4.2 and Rails < 6.0.3.1 that allows the Content-Length of a direct file upload to be modified by an end user, bypassing upload limits.
History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2020-06-19T17:02:42

Updated: 2024-08-04T09:48:25.603Z

Reserved: 2020-01-28T00:00:00

Link: CVE-2020-8162

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2020-06-19T17:15:18.583

Modified: 2022-05-24T16:15:39.237

Link: CVE-2020-8162

Redhat

Severity: Important

Public Date: 2020-05-18T00:00:00Z

Links: CVE-2020-8162 - Bugzilla