activestorage attaches cloud and local files in Rails applications.
Affected versions o f this package are vulnerable to Access Restriction Bypass. Signed download URLs generated by
ActiveStorage for Google Cloud Storage service and Disk service include
content-type parameters that an attacker can modify. This can be used to upload specially crafted HTML files and have them served and executed inline.
activestorage to version 220.127.116.11 or higher.