CVE-2018-16477 - Medium Severity Vulnerability
Vulnerable Library - rails-5.2.1.gem
Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration.
path: /tmp/git/chaltron/Gemfile.lock
Library home page: https://rubygems.org/gems/rails-5.2.1.gem
Dependency Hierarchy:
- bootstrap_form-4.0.0.gem (Root Library)
  - :x: **rails-5.2.1.gem** (Vulnerable Library)

Vulnerability Details
A bypass vulnerability in Active Storage >= 5.2.0 for the Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters of a file-serving URL. With an uploaded HTML file this causes the file to be rendered inline in the application's origin instead of being downloaded. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. The root cause is that these response parameters were not covered by the URL's signature, so changing them in the query string did not invalidate the URL; the issue was fixed in Rails 5.2.1.1, which moves them into the signed payload.
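The following added example (not Active Storage's or the Rails project's code; the secret, the blob key and the URL layout are constructed for illustration) shows the two URL shapes side by side: one where only the blob key is signed and the response headers are taken from unsigned query parameters, and one where the content type and disposition are part of the signed payload. The `tamper` helper stands in for the attacker rewriting the query string.

```ruby
# Added example, not Active Storage's code: why unsigned content_type /
# disposition parameters on a signed file-serving URL let an attacker turn a
# download into an inline text/html response, and the hardened form.
require "openssl"
require "json"
require "base64"
require "uri"
require "cgi"

SECRET = "constructed-demo-secret" # assumption: stands in for secret_key_base

# Minimal HMAC-signed token; a stand-in for a message verifier, not the Rails one.
def sign(payload)
  data = Base64.urlsafe_encode64(JSON.generate(payload), padding: false)
  "#{data}--#{OpenSSL::HMAC.hexdigest("SHA256", SECRET, data)}"
end

def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the signed claims, or nil if the token is missing or forged.
def verify(token)
  data, mac = token.to_s.split("--", 2)
  return nil unless data && mac
  return nil unless constant_time_equal?(mac, OpenSSL::HMAC.hexdigest("SHA256", SECRET, data))
  JSON.parse(Base64.urlsafe_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

# Vulnerable shape: only the blob key is signed; the headers the server will
# send are read back from unsigned query parameters.
def vulnerable_url(key, filename, content_type:, disposition:)
  token = sign("key" => key)
  query = URI.encode_www_form(content_type: content_type, disposition: disposition)
  "/rails/active_storage/disk/#{token}/#{filename}?#{query}"
end

def vulnerable_serve(url)
  uri    = URI.parse(url)
  claims = verify(uri.path.split("/")[4])
  return nil unless claims
  params = CGI.parse(uri.query.to_s)
  { key: claims["key"],
    content_type: params["content_type"]&.first,
    disposition:  params["disposition"]&.first }
end

# Hardened shape: content type and disposition live inside the signed payload,
# so whatever the query string says is ignored.
def hardened_url(key, filename, content_type:, disposition:)
  token = sign("key" => key, "content_type" => content_type, "disposition" => disposition)
  "/rails/active_storage/disk/#{token}/#{filename}"
end

def hardened_serve(url)
  uri    = URI.parse(url)
  claims = verify(uri.path.split("/")[4])
  return nil unless claims
  { key: claims["key"],
    content_type: claims["content_type"],
    disposition:  claims["disposition"] }
end

# The attacker's move: make the browser render the blob inline as HTML in the
# application's own origin by rewriting the query string only.
def tamper(url)
  uri = URI.parse(url)
  uri.query = URI.encode_www_form(content_type: "text/html", disposition: "inline")
  uri.to_s
end

if __FILE__ == $0
  key = "constructed-blob-key"
  v = vulnerable_url(key, "upload.bin", content_type: "application/octet-stream", disposition: "attachment")
  h = hardened_url(key, "upload.bin", content_type: "application/octet-stream", disposition: "attachment")
  p vulnerable_serve(tamper(v)) # headers follow the tampered query string
  p hardened_serve(tamper(h))   # headers still come from the signed payload
end
```

Both `*_serve` functions still reject a forged or missing token; the difference is only in where the headers come from. In the hardened form the signature covers everything that shapes the response, which is the property to check for in any signed download URL, whatever the storage backend.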
Publish Date: 2018-11-30
URL: CVE-2018-16477
CVSS 2 Score Details (5.5)
Base Score Metrics not available