Description
A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.
Remediation
References
Related Vulnerabilities
Moodle Incorrect Authorization Vulnerability (CVE-2020-14321)
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2023-4006)
WordPress Plugin Simple Events Calendar SQL Injection (1.4.0)
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Security Bypass (2.9.2)