2 matches found
Active Storage allowed transformation methods that were potentially unsafe
Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow circumvention of the safe defaults, which enables potential command injection vulnerabilities in cases where...
PT-2023-15061 · Unknown · Gopi Ramasamy Email
Name of the Vulnerable Software and Affected Versions: Gopi Ramasamy Email posts to subscribers versions n/a through 6.2
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...