Lucene search
PRIOn knowledge basePRION:CVE-2023-22797HistoryFeb 09, 2023 - 8:15 p.m.
Open redirect
2023-02-0920:15:00
PRIOn knowledge base
www.prio-n.com
2
open redirect
rails 7.0.4.1
protection against open redirects
untrusted user input
developer responsibility
attacker bypass
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| actionpack | ge | 7.0.0 | |
| actionpack | lt | 7.0.4.1 | |
| rails | ge | 7.0.0 | |
| rails | lt | 7.0.4.1 |
Related
github
github
Open Redirect Vulnerability in Action Pack
2023-01-18 18:21:23
ubuntucve
ubuntucve
CVE-2023-22797
2023-02-09 00:00:00
cvelist
cvelist
CVE-2023-22797
2023-02-09 00:00:00
cve
cve
CVE-2023-22797
2023-02-09 20:15:11
hackerone
hackerone
Internet Bug Bounty: Open Redirect Vulnerability in Action Pack
2023-02-07 23:03:04
nvd
nvd
CVE-2023-22797
2023-02-09 20:15:11
redhatcve
redhatcve
CVE-2023-22797
2023-01-26 14:35:55
veracode
veracode
Open Redirect
2023-01-19 02:38:52
debiancve
debiancve
CVE-2023-22797
2023-02-09 20:15:11
rubygems
rubygems
Open Redirect Vulnerability in Action Pack
2023-01-17 21:00:00
osv
osv
Open Redirect Vulnerability in Action Pack
2023-01-18 18:21:23
CVE-2023-22797
2023-02-09 20:15:11
