Add CVE-2018-16477 (ActiveStorage) (#371)

Add CVE-2018-16477 for ActiveStorage

Author: greysteil

gems/activestorage/CVE-2018-16477.yml

@@ -0,0 +1,42 @@
+---
+gem: activestorage
+cve: 2018-16477
+url: https://groups.google.com/forum/#!topic/rubyonrails-security/3KQRnXDIuLg
+title: Bypass vulnerability in Active Storage
+date: 2018-11-27
+
+description: |
+  There is a vulnerability in Active Storage. This vulnerability has been
+  assigned the CVE identifier CVE-2018-16477.
+
+  Versions Affected:  >= 5.2.0
+  Not affected:       < 5.2.0
+  Fixed Versions:     5.2.1.1
+
+  Impact
+  ------
+  Signed download URLs generated by `ActiveStorage` for Google Cloud Storage
+  service and Disk service include `content-disposition` and `content-type`
+  parameters that an attacker can modify. This can be used to upload specially
+  crafted HTML files and have them served and executed inline. Combined with
+  other techniques such as cookie bombing and specially crafted AppCache manifests,
+  an attacker can gain access to private signed URLs within a specific storage path.
+
+  Vulnerable apps are those using either GCS or the Disk service in production.
+  Other storage services such as S3 or Azure aren't affected.
+
+  All users running an affected release should either upgrade or use one of the
+  workarounds immediately. For those using GCS, it's also recommended to run the
+  following to update existing blobs:
+
+  ```
+  ActiveStorage::Blob.find_each do |blob|
+    blob.send :update_service_metadata
+  end
+  ```
+
+unaffected_versions:
+  - "< 5.2.0"
+
+patched_versions:
+  - ">= 5.2.1.1"