H1-789579 — Vulnetix

H1-789579 PUBLISHED CVSS 5.300000190734863 MEDIUM

ActiveStorage direct upload fails to sign content-length header for S3 service

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploit Intelligence

Known security vulnerabilities detected. CVE-2022-21831 Critical severity CVE-2025-24293 Critical severity CVE-2020-8162 High severity CVE-2024-26144 Moderate severity (github-poc-repo)
Known security vulnerabilities detected. CVE-2022-21831 Critical severity CVE-2025-24293 Critical severity CVE-2020-8162 High severity CVE-2024-26144 Moderate severity (github-poc)
ActiveStorage direct upload fails to sign content-length header for S3 service (hackerone)
ActiveStorage direct upload fails to sign content-length header for S3 service (hackerone)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)
.bundler-audit.yml (github-poc)

…and 5 more exploits

Timeline

May 18, 2020 CVE Published
May 18, 2020 PoC Published

References

ActiveStorage direct upload fails to sign content-length header for S3 service advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›