[CVE-2024-32464] ActionText ContentAttachment’s can Contain Unsanitized HTML
Medium
Vulnerability Details
I made a report at https://hackerone.com/reports/2389565.
https://discuss.rubyonrails.org/t/cve-2024-32464-actiontext-contentattachments-can-contain-unsanitized-html/85949
> Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML.
> This has been assigned the CVE identifier CVE-2024-32464.
> Versions Affected: >= 7.1.0
> Not affected: < 7.1.0
> Fixed Versions: 7.1.3.4
## Impact
> This could lead to a potential cross site scripting issue within the Trix editor.
Report Stats
- Report ID: 2542806
- State: Closed
- Substate: resolved
- Upvotes: 27