Monthly
Rails Active Storage's DirectUploadsController accepts and persists arbitrary client-supplied metadata on blob objects, allowing attackers to manipulate internal flags like 'identified' and 'analyzed' that should only be set by the server. This affects Ruby on Rails versions across multiple release branches (7.2.x, 8.0.x, and 8.1.x prior to the patched versions 7.2.3.1, 8.0.4.1, and 8.1.2.1), and while not currently listed in the KEV catalog, patches are available from the vendor indicating acknowledgment of the issue's validity.
Rails Active Storage's DirectUploadsController accepts and persists arbitrary client-supplied metadata on blob objects, allowing attackers to manipulate internal flags like 'identified' and 'analyzed' that should only be set by the server. This affects Ruby on Rails versions across multiple release branches (7.2.x, 8.0.x, and 8.1.x prior to the patched versions 7.2.3.1, 8.0.4.1, and 8.1.2.1), and while not currently listed in the KEV catalog, patches are available from the vendor indicating acknowledgment of the issue's validity.