Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
References
Link | Resource |
---|---|
https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995 | Patch |
https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-04T19:53:59.774Z
Updated: 2024-06-04T19:53:59.774Z
Reserved: 2024-04-12T19:41:51.165Z
Link: CVE-2024-32464
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-06-04T20:15:11.247
Modified: 2024-06-11T15:24:13.467
Link: CVE-2024-32464
JSON object: View
Redhat Information
No data.