Input validation error in activestorage

#VU28240 Input validation error in activestorage

Published: 2020-05-26

Vulnerability identifier: #VU28240

Vulnerability risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-8162

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
activestorage
Web applications / Modules and components for CMS

Vendor: Ruby

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in ActiveStorage's S3 adapter. A remote attacker can control the Content-Length of an S3 direct upload URL without receiving a new signature from the server and perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

activestorage: 5.2.0 - 6.0.3 rc1

External links
http://snyk.io/vuln/SNYK-RUBY-ACTIVESTORAGE-569602
http://github.com/rails/rails/commit/c0ab9a7d29b84a6ccb1ffa3e8ca1ce61f7a9fbb8
http://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ
http://hackerone.com/reports/789579

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 20.03 LTS SP1 update for rubygem-rails

Debian update for rails

Denial of service in activestorage gem for Ruby