Access Restriction Bypass
Affecting activestorage gem, versions <220.127.116.11
activestorage attaches cloud and local files in Rails applications.
Affected versions o f this package are vulnerable to Access Restriction Bypass. Signed download URLs generated by
ActiveStorage for Google Cloud Storage service and Disk service include
content-type parameters that an attacker can modify. This can be used to upload specially crafted HTML files and have them served and executed inline.
activestorage to version 18.104.22.168 or higher.