DEBIAN-CVE-2018-16477

DEBIAN-CVE-2018-16477 PUBLISHED CVSS 6.5 MEDIUM

A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allows an attacker to modify the `content-disposition` and `content-type` parameters, which can be used with HTML files to have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.

Risk Scores

CVSS 3.0
6.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Debian:12 | rails | 0, 0, 0 |
| Debian:11 | rails | 0, 0, 0 |
| Debian:14 | rails | 0, 0, 0 |
| Debian:13 | rails | 0, 0, 0 |

Exploit Intelligence

…and 1 more exploits

Timeline

  • Nov 30, 2018 CVE Published
  • Apr 28, 2026 CVE Updated