2017/10/GHSA-8qrh-h9m2-5fvf Cross-site scripting that affects rails