CVE-2020-8162
HIGH
Rails <5.2.4.2, <6.0.3.1 - Info Disclosure
Title source: llm
Description
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Exploits (1)
Scores
CVSS v3
7.5
EPSS
0.0155
EPSS Percentile
81.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-434
CWE-602
Status
published
Products (3)
debian/debian_linux
10.0
rubygems/activestorage
5.0.0 - 5.2.4.3 (RubyGems)
rubyonrails/rails
< 5.2.4.2
Published
Jun 19, 2020
Tracked Since
Feb 18, 2026