2017/10/GHSA-6jvm-3j5h-79f6 paperclip Cross-site Scripting vulnerability