RustFS · RustFS · CVE-2026-27607
**Name of the Vulnerable Software and Affected Versions**
RustFS versions 1.0.0-alpha.56 through 1.0.0-alpha.82
**Description**
RustFS does not properly validate policy conditions during presigned POST uploads, which are handled by the `PostObject` function. This allows a request to bypass the policy's `content-length-range`, `starts-with`, and `Content-Type` constraints. Successful exploitation can lead to unauthorized file uploads exceeding size limits, uploads to arbitrary object keys, and content-type spoofing. These actions could result in storage exhaustion, unauthorized data access, and security bypasses.
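The server-side check that the description says was not enforced, as an added Rust example (not RustFS code and not the project's patch). The names `Condition`, `field`, `check_policy`, `sample_policy` and `request`, and all sample values, are constructed for illustration; the example assumes the policy JSON has already been decoded and its signature verified.

```rust
use std::collections::HashMap;

// Hypothetical model of a POST policy whose JSON has already been decoded
// and whose signature has already been verified (assumption of this example).
enum Condition {
    Eq(String, String),           // {"Content-Type": "image/png"}
    StartsWith(String, String),   // ["starts-with", "$key", "uploads/"]
    ContentLengthRange(u64, u64), // ["content-length-range", min, max]
}

// Look up a form field by its policy name ("$key" -> "key"); keys are stored lowercase.
fn field<'a>(form: &'a HashMap<String, String>, name: &str) -> Option<&'a str> {
    form.get(&name.trim_start_matches('$').to_ascii_lowercase()).map(|s| s.as_str())
}

// Fail closed: every condition must hold, and a missing field counts as a failure.
// `size` is the number of file bytes actually received, not a client-supplied claim.
fn check_policy(conds: &[Condition], form: &HashMap<String, String>, size: u64) -> Result<(), String> {
    for c in conds {
        let (name, ok) = match c {
            Condition::Eq(f, want) => (f.as_str(), field(form, f) == Some(want.as_str())),
            Condition::StartsWith(f, p) => (f.as_str(), field(form, f).map_or(false, |v| v.starts_with(p.as_str()))),
            Condition::ContentLengthRange(min, max) => ("content-length-range", (*min..=*max).contains(&size)),
        };
        if !ok { return Err(format!("policy condition not met: {}", name)); }
    }
    Ok(())
}

// Constructed sample policy: PNG uploads under uploads/, 1 byte to 1 MiB.
fn sample_policy() -> Vec<Condition> {
    vec![
        Condition::StartsWith("$key".into(), "uploads/".into()),
        Condition::Eq("$Content-Type".into(), "image/png".into()),
        Condition::ContentLengthRange(1, 1_048_576),
    ]
}

// Constructed request builder: the form fields a client submitted.
fn request(key: &str, ctype: &str) -> HashMap<String, String> {
    HashMap::from([("key".to_string(), key.to_string()), ("content-type".to_string(), ctype.to_string())])
}

fn main() {
    let p = sample_policy();
    println!("{:?}", check_policy(&p, &request("uploads/a.png", "image/png"), 2048));
    println!("{:?}", check_policy(&p, &request("admin/a.png", "image/png"), 2048));
    println!("{:?}", check_policy(&p, &request("uploads/a.png", "text/html"), 2048));
    println!("{:?}", check_policy(&p, &request("uploads/a.png", "image/png"), 5_000_000));
}
```

Only the first request in `main` passes; the other three are rejected for the key prefix, the content type and the size respectively.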
**Recommendations**
Update to RustFS version 1.0.0-alpha.83 or later.