Lucene search
HackeroneCVELIST:CVE-2023-22797HistoryFeb 09, 2023 - 12:00 a.m.
CVE-2023-22797
2023-02-0900:00:00
CWE-601
hackerone
www.cve.org
rails
open redirect
vulnerability
fix
untrusted input
bypass
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
CNA Affected
[
{
"vendor": "n/a",
"product": "https://github.com/rails/rails",
"versions": [
{
"version": "7.0.4.1",
"status": "affected"
}
]
}
]Related
github
github
Open Redirect Vulnerability in Action Pack
2023-01-18 18:21:23
ubuntucve
ubuntucve
CVE-2023-22797
2023-02-09 00:00:00
prion
prion
Open redirect
2023-02-09 20:15:00
cve
cve
CVE-2023-22797
2023-02-09 20:15:11
hackerone
hackerone
Internet Bug Bounty: Open Redirect Vulnerability in Action Pack
2023-02-07 23:03:04
nvd
nvd
CVE-2023-22797
2023-02-09 20:15:11
redhatcve
redhatcve
CVE-2023-22797
2023-01-26 14:35:55
veracode
veracode
Open Redirect
2023-01-19 02:38:52
debiancve
debiancve
CVE-2023-22797
2023-02-09 20:15:11
osv
osv
Open Redirect Vulnerability in Action Pack
2023-01-18 18:21:23
CVE-2023-22797
2023-02-09 20:15:11
rubygems
rubygems
Open Redirect Vulnerability in Action Pack
2023-01-17 21:00:00
