5.3

CVE-2026-33173

Rails Active Storage has possible content type bypass via metadata in direct uploads

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like `identified` and `analyzed` are stored in the same metadata hash, a direct-upload client can set these flags to skip MIME detection and analysis. This allows an attacker to upload arbitrary content while claiming a safe `content_type`, bypassing any validations that rely on Active Storage's automatic content type identification. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RubyonrailsRails Version < 7.2.3.1
RubyonrailsRails Version >= 8.0.0 < 8.0.4.1
RubyonrailsRails Version >= 8.1.0 < 8.1.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.306
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
security-advisories@github.com 5.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-925 Improper Verification of Intent by Broadcast Receiver

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

https://github.com/rails/rails/releases/tag/v8.1.2.1
Release Notes
https://github.com/rails/rails/releases/tag/v7.2.3.1
Release Notes
https://github.com/rails/rails/releases/tag/v8.0.4.1
Release Notes
https://github.com/rails/rails/security/advisories/GHSA-qcfx-2mfw-w4cg
Vendor Advisory
https://github.com/rails/rails/commit/707c0f1f41f067fdf96d54e99d43b28dfaae7e53
Patch
https://github.com/rails/rails/commit/8fcb934caadc79c8cc4ce53287046d0f67005b3e
Patch
https://github.com/rails/rails/commit/d9502f5214e2198245a4c1defe9cd02a7c8057d0
Patch