Publish GHSA-53p3-c7vp-4mcc

advisory-database[bot] · advisory-database[bot] · commit ee52390bd5c5 · 2026-04-01T17:09:31.000Z
diff --git a/advisories/github-reviewed/2026/03/GHSA-53p3-c7vp-4mcc/GHSA-53p3-c7vp-4mcc.json b/advisories/github-reviewed/2026/03/GHSA-53p3-c7vp-4mcc/GHSA-53p3-c7vp-4mcc.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-53p3-c7vp-4mcc",
-  "modified": "2026-03-29T15:22:17Z",
+  "modified": "2026-04-01T17:07:32Z",
   "published": "2026-03-29T15:22:17Z",
   "aliases": [],
   "summary": "Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)",
@@ -68,6 +68,10 @@
     {
       "type": "WEB",
       "url": "https://github.com/basecamp/trix/releases/tag/v2.1.18"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/action_text-trix/GHSA-53p3-c7vp-4mcc.yml"
     }
   ],
   "database_specific": {

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-53p3-c7vp-4mcc",`
`4`		`- "modified": "2026-03-29T15:22:17Z",`
	`4`	`+ "modified": "2026-04-01T17:07:32Z",`
`5`	`5`	`"published": "2026-03-29T15:22:17Z",`
`6`	`6`	`"aliases": [],`
`7`	`7`	`"summary": "Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)",`
`@@ -68,6 +68,10 @@`
`68`	`68`	`{`
`69`	`69`	`"type": "WEB",`
`70`	`70`	`"url": "https://github.com/basecamp/trix/releases/tag/v2.1.18"`
	`71`	`+ },`
	`72`	`+ {`
	`73`	`+ "type": "WEB",`
	`74`	`+ "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/action_text-trix/GHSA-53p3-c7vp-4mcc.yml"`
`71`	`75`	`}`
`72`	`76`	`],`
`73`	`77`	`"database_specific": {`