ooooooo_q
I confirmed from the https://github.com/janko/image_processing/commit/038e4574e8f4f4b636a62394e09983c71980dada commit that there are other attack methods. ```ruby # call `send` from `public_send` ImageProcessing::Vips.apply({ send: ["system", "echo CALL_SEND" ]}) # call `method_missing` ImageProcessing::Vips.apply({ system!: "echo...
I used [memory_profiler](https://github.com/SamSaffron/memory_profiler) to check where rubyXL was using a lot of memory, and fixed it. `"@#{v[:accessor]}"` generates two String objects, which can be expensive depending on the access frequency,...
From https://hackerone.com/reports/2334455 (Treated as Informative) --- The danger of deserialization has been reduced in Rails 7.1 by increasing the number of settings that do not use Marshal in MessageVerifier. However,...
**What kind of change does this PR introduce?** (check at least one) - [ ] Bugfix - [ ] Feature - [ ] Code style update - [ ] Refactor...
fix #517
hello, I found an XSS that occurs with `jquery-ujs` and `jquery-rails`. I have confirmed the operation with Safari and IE (and an old version of Edge). The problematic part is the...