CVE-2024-32464: Rails Actiontext Unsanitized Attachment Content

Action Text attachments are missing sanitization on their content attribute before rendering. This missing validation boundary allows Cross-Site Scripting (XSS) via specially crafted tags with malicious HTML in the content attribute.

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | Ruby | β
greprules fetch cve-2024-32464-rails-actiontext-unsanitized-attachment-content --engine opengrep
