activestorage
RubyGems | 6 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting activestorage
- CVE-2018-16477 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 5.2.1.1 | 2018-11-30
vulnerable: 5.2.0, 5.2.1, 5.2.1.rc1
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files and have them executed in…
- CVE-2020-8162 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 6.0.3.1 | 2020-06-19
vulnerable: 6.0.0 ... 6.0.3.rc1 (10 versions)
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload …
- CVE-2022-21831 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 7.0.2.3 | 2022-05-26
vulnerable: 7.0.0, 7.0.1, 7.0.2, 7.0.2.1, 7.0.2.2
A code injection vulnerability exists in Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
- CVE-2024-26144 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 7.0.8.1 | 2024-02-27
vulnerable: 7.0.0 ... 7.0.8 (20 versions)
Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when ser…
- CVE-2025-24293 | CRITICAL | CVSS 9.2 | EG 0.0 | ✓ Fixed in 7.1.5.2 | 2026-01-30
vulnerable: 5.2.0 ... 7.1.5.1 (142 versions)
Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three meth…
- CVE-2026-33658 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 7.2.3.1 | 2026-03-26
vulnerable: 0.1 ... 7.2.3 (161 versions)
Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A reques…