2017/10/GHSA-v9v4-7jp6-8c73 rails Cross-site Scripting vulnerability