Case: CVE-2024-32464: ActionText ContentAttachment’s can Contain Unsanitized HTML
CVE-2024-32464
ActionText ContentAttachment’s can Contain Unsanitized HTML
Stored XSS in Action Text
Fix commit
https://github.com/rails/rails/commit/1ac6d40d36a07b48a67bc7f8627fd1f92bffcb14
Report
https://hackerone.com/reports/2389565
todo
Details after public disclosure
#Case