Rubyonrails: >> Rails >> 7.1.3.3 Security Vulnerabilities
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.
CVSS Score
6.1
EPSS Score
0.003
Published
2024-06-04
Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3.
CVSS Score
5.4
EPSS Score
0.009
Published
2024-06-04