Unsanitized HTML in Rich Text Area Could Lead to Code Execution
CVE-2024-32464

6.1MEDIUM

Key Information:

Vendor: Action Text
Status: Rails
Vendor: CVE Published:; 4 June 2024

🔔 Create Action Text Vulnerability Alert

What is CVE-2024-32464?

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2.

References

https://github.com/rails/rails/security/advisories/GHSA-p...

https://github.com/rails/rails/commit/e215bf3360e6dfe1497...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2024

JSON