There is a possible code injection vulnerability in the Active Storage module of Rails. This vulnerability impacts applications that use Active Storage with the image_processing processing in addition to the mini_magick back end for image_processing.

Vulnerable code will look something similar to this:

```ruby
<%= image_tag blob.variant(params[:t] => params[:v]) %>
```

Where the transformation method or its arguments are untrusted arbitrary input.

Versions Affected: >= 5.2.0
Not affected: < 5.2.0
Fixed Versions: 7.0.2.3, 6.1.4.7, 6.0.4.7, 5.2.6.3

References:
https://github.com/advisories/GHSA-w749-p3v6-hccq
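One way to keep request parameters from choosing the transformation freely is an allowlist placed in front of `variant`. This is an added example, not code from Rails or from the advisory. The names `ALLOWED_TRANSFORMATIONS`, `UnsafeTransformation` and `safe_variant_options`, the set of permitted transformations and the size and angle limits are all assumptions.

```ruby
# Added example (not Rails code): validate a user-selected transformation
# before it reaches blob.variant. All names and limits here are hypothetical.

class UnsafeTransformation < ArgumentError; end

MAX_DIMENSION = 2000 # assumed policy limit, in pixels

# Parses "WIDTHxHEIGHT" strictly; returns [w, h] or nil when unacceptable.
PARSE_DIMENSIONS = lambda do |raw|
  dims = raw.to_s.split("x", -1)
  next nil unless dims.length == 2 && dims.all? { |d| d.match?(/\A[1-9]\d{0,3}\z/) }
  w, h = dims.map(&:to_i)
  (w <= MAX_DIMENSION && h <= MAX_DIMENSION) ? [w, h] : nil
end

# Each permitted transformation maps to a validator that returns the
# normalized argument, or nil when the raw value is rejected.
ALLOWED_TRANSFORMATIONS = {
  "resize_to_limit" => PARSE_DIMENSIONS,
  "resize_to_fit"   => PARSE_DIMENSIONS,
  "rotate"          => ->(raw) { %w[0 90 180 270].include?(raw.to_s) ? raw.to_i : nil }
}.freeze

# Returns a one-entry hash suitable for blob.variant, or raises
# UnsafeTransformation. Non-string inputs (arrays, hashes) are stringified
# first, so they can never match an allowlisted name or a strict pattern.
def safe_variant_options(name, raw_value)
  key = name.to_s
  validator = ALLOWED_TRANSFORMATIONS[key]
  raise UnsafeTransformation, "transformation not allowed" unless validator

  value = validator.call(raw_value)
  raise UnsafeTransformation, "invalid argument for #{key}" if value.nil?

  { key.to_sym => value }
end

# In the view, the untrusted pair is replaced by the validated hash:
#   <%= image_tag blob.variant(safe_variant_options(params[:t], params[:v])) %>
```

The controller should rescue `UnsafeTransformation` and answer with a 400 rather than rendering the variant. Upgrading to one of the fixed versions listed above is still required.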
Created rubygem-activestorage tracking bugs for this issue:

Affects: fedora-all [bug 2064748]