Access Restriction Bypass

Affecting activestorage gem, versions <5.2.1.1

Overview

activestorage attaches cloud and local files in Rails applications.

Affected versions o f this package are vulnerable to Access Restriction Bypass. Signed download URLs generated by ActiveStorage for Google Cloud Storage service and Disk service include content-disposition and content-type parameters that an attacker can modify. This can be used to upload specially crafted HTML files and have them served and executed inline.

Remediation

Upgrade activestorage to version 5.2.1.1 or higher.

References

Do your applications use this vulnerable package?

CVSS Score

5.3
medium severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    Low
  • Integrity
    None
  • Availability
    None
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Credit
Unknown
CVE
CVE-2018-16477
CWE
CWE-284
Snyk ID
SNYK-RUBY-ACTIVESTORAGE-72641
Disclosed
28 Nov, 2018
Published
28 Nov, 2018