2 matches found
Ruby on Rails: XSS by MathML at Active Storage
In Active Storage, the formats treated as binary have been confirmed; it does not contain application/mathml+xml. https://github.com/rails/rails/commit/d40284b1a44773b03d78ca67a888b94fd330d1b1 In Marcel::MimeType.for, if the content-type cannot be determined with the magic byte, since it is determined using...
CVE-2017-18103
The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml...