Advisories for Gem/Actiontext package

2024

ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464.

Versions Affected: >= 7.1.0
Not affected: < 7.1.0
Fixed Versions: 7.1.3.4

Impact

This could lead to a potential cross-site scripting issue within the Trix editor.

Releases

The fixed releases are available at the normal locations.

Workarounds

N/A

Patches

To aid users who aren't able to upgrade immediately we …