CVE-2020-8162 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-8162 Interim 1 27 2025-02-17T01:36:20Z current 2021-05-30T14:37:48Z 2025-02-17T01:36:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-8162 A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Availability Extension 15 SP1 SUSE OpenStack Cloud 6-LTSS SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 openSUSE Tumbleweed ruby2.1-rubygem-rails-4_2 ruby2.5-rubygem-rails-5_1 ruby2.7-rubygem-activestorage-5.2-5.2.6-1.2 ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 ruby3.0-rubygem-activestorage-5.2-5.2.6-1.2 ruby3.0-rubygem-activestorage-6.0-6.0.4-1.2 ruby3.1-rubygem-activestorage-6.0-6.0.4.4-1.1 rubygem-rails-4_2 rubygem-rails-5_1 ruby2.7-rubygem-activestorage-5.2-5.2.6-1.2 as a component of openSUSE Tumbleweed ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 as a component of openSUSE Tumbleweed ruby3.0-rubygem-activestorage-5.2-5.2.6-1.2 as a component of openSUSE Tumbleweed ruby3.0-rubygem-activestorage-6.0-6.0.4-1.2 as a component of openSUSE Tumbleweed ruby3.1-rubygem-activestorage-6.0-6.0.4.4-1.1 as a component of openSUSE Tumbleweed ruby2.5-rubygem-rails-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 rubygem-rails-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 ruby2.5-rubygem-rails-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 rubygem-rails-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 ruby2.1-rubygem-rails-4_2 as a component of SUSE OpenStack Cloud 6-LTSS rubygem-rails-4_2 as a component of SUSE OpenStack Cloud 6-LTSS ruby2.1-rubygem-rails-4_2 as a component of SUSE OpenStack Cloud 7 rubygem-rails-4_2 as a component of SUSE OpenStack Cloud 7 ruby2.1-rubygem-rails-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 rubygem-rails-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-rails-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 rubygem-rails-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits. CVE-2020-8162 openSUSE Tumbleweed:ruby2.7-rubygem-activestorage-5.2-5.2.6-1.2 openSUSE Tumbleweed:ruby2.7-rubygem-activestorage-6.0-6.0.4-1.2 openSUSE Tumbleweed:ruby3.0-rubygem-activestorage-5.2-5.2.6-1.2 openSUSE Tumbleweed:ruby3.0-rubygem-activestorage-6.0-6.0.4-1.2 openSUSE Tumbleweed:ruby3.1-rubygem-activestorage-6.0-6.0.4.4-1.1 SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-rails-5_1 SUSE Linux Enterprise High Availability Extension 15 SP1:rubygem-rails-5_1 SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-rails-5_1 SUSE Linux Enterprise High Availability Extension 15:rubygem-rails-5_1 SUSE OpenStack Cloud 6-LTSS:ruby2.1-rubygem-rails-4_2 SUSE OpenStack Cloud 6-LTSS:rubygem-rails-4_2 SUSE OpenStack Cloud 7:ruby2.1-rubygem-rails-4_2 SUSE OpenStack Cloud 7:rubygem-rails-4_2 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-rails-4_2 SUSE OpenStack Cloud Crowbar 8:rubygem-rails-4_2 SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-rails-4_2 SUSE OpenStack Cloud Crowbar 9:rubygem-rails-4_2 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N