GHSA-7rr7-rcjw-56vj

Suggest an improvement
Source
https://github.com/advisories/GHSA-7rr7-rcjw-56vj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/12/GHSA-7rr7-rcjw-56vj/GHSA-7rr7-rcjw-56vj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-7rr7-rcjw-56vj
Aliases
Published
2018-12-05T17:17:02Z
Modified
2024-02-22T05:20:56.259412Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Exposure of Sensitive Information to an Unauthorized Actor in activestorage
Details

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path.

Vulnerable apps are those using either GCS or the Disk service in production. Other storage services such as S3 or Azure aren't affected.

References

Affected packages

RubyGems / activestorage

Package

Name
activestorage
Purl
pkg:gem/activestorage

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.2.0
Fixed
5.2.1.1

Affected versions

5.*

5.2.0
5.2.1.rc1
5.2.1

Database specific

{
    "last_known_affected_version_range": "<= 5.2.1.0"
}