Signal
Multiple medium and low severity vulnerabilities disclosed in Rails components
Four new security advisories reveal possible vulnerabilities in various Rails components, including Active Support, Active Storage, and Action View.
github
cve, vulnerability, rails, security_advisory
Evidence preview
- GitHub Security Advisories (github.com)
- Rails Active Storage has possible content type bypass via metadata in direct uploads (github_advisories)
- Rails Active Support has a possible ReDoS vulnerability in number_to_delimited (github_advisories)
- Rails has a possible XSS vulnerability in its Action View tag helpers (github_advisories)