Access Restriction Bypass

Affecting activestorage gem, versions <5.2.1.1

medium severity

Overview

activestorage attaches cloud and local files in Rails applications.

Affected versions o f this package are vulnerable to Access Restriction Bypass. Signed download URLs generated by ActiveStorage for Google Cloud Storage service and Disk service include content-disposition and content-type parameters that an attacker can modify. This can be used to upload specially crafted HTML files and have them served and executed inline.

Remediation

Upgrade activestorage to version 5.2.1.1 or higher.

References

Do your applications use this vulnerable package?

Credit
Unknown
CVE
CVE-2018-16477
CWE
CWE-284
Snyk ID
SNYK-RUBY-ACTIVESTORAGE-72641
Disclosed
28 Nov, 2018
Published
28 Nov, 2018