{"blog_url":"https://ooooooo.hatenablog.com/","author_name":"ooooooo_q","height":"190","url":"https://ooooooo.hatenablog.com/entry/ruby_bug_hunting_3","version":"1.0","type":"rich","provider_name":"Hatena Blog","provider_url":"https://hatena.blog","width":"100%","title":"Ruby\u3084Ruby\u306eOSS\u306e\u8106\u5f31\u6027\u3092\u898b\u3064\u3051\u305f\u8a71\u306e\u7d9a\u304d\u306e\u7d9a\u304d","blog_title":"ooooooo_q\u306e\u65e5\u8a18","html":"","description":"\u3053\u306e\u8a18\u4e8b\u306fRuby Advent Calendar 2020 - Qiita\u306e20\u65e5\u76ee\u3067\u3059\u3002 \u4e00\u6628\u5e74\uff08Ruby\u3084Ruby\u306eOSS\u306e\u8106\u5f31\u6027\u3092\u898b\u3064\u3051\u305f\u8a71 - ooooooo_q\u306e\u65e5\u8a18\uff09\u3068\u53bb\u5e74 \uff08Ruby\u3084Ruby\u306eOSS\u306e\u8106\u5f31\u6027\u3092\u898b\u3064\u3051\u305f\u8a71\u306e\u7d9a\u304d - ooooooo_q\u306e\u65e5\u8a18\uff09\u3068\u540c\u69d8\u306bRuby\u95a2\u9023\u3067\u4eca\u5e74\u898b\u3064\u3051\u305f\u8106\u5f31\u6027\u306e\u8a71\u3067\u3059\u3002 Rails XSS by file (Active Storage Proxying) hackerone.com Rails6.1\u3067\u5c0e\u5165\u3055\u308c\u305f\u6a5f\u80fd\u3067\u306e\u8106\u5f31\u6027\u3067\u3059\u3002\u4fee\u6b63\u3055\u308c\u305f\u306e\u304c6.1\u306e\u30ea\u30ea\u30fc\u30b9\u524d\u3060\u3063\u305f\u304b\u3089\u304bCVE\u306e\u5272\u5f53\u306f\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002Active Storage\u3092\u4f7f\u3063\u3066\u2026","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/o/ooooooo_q/20201220/20201220121929.png","categories":["\u8106\u5f31\u6027"],"published":"2020-12-20 00:00:00","author_url":"https://blog.hatena.ne.jp/ooooooo_q/"}