CVE-2022-21831: Possible code injection vulnerability in Rails / Active Storage
High
Vulnerability Details
Original report: https://hackerone.com/reports/1154034
Rails advisory: https://discuss.rubyonrails.org/t/cve-2022-21831-possible-code-injection-vulnerability-in-rails-active-storage/80199
Blogpost: https://blog.convisoappsec.com/en/cve-2022-21831-overview-of-the-security-issues-we-found-in-railss-image-processing-api/
If the report is eligible for a bounty, please split it equally between me and @rsilva, if possible.
## Impact
Vulnerable code patterns could allow the attacker to achieve RCE.
Report Stats
- Report ID: 1652042
- State: Closed
- Substate: resolved
- Upvotes: 14