RubySecRUBY:ACTIONPACK-2023-22797Open Redirect Vulnerability in Action Pack
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.0%
There is a vulnerability in Action Controller’s redirect_to. This
vulnerability has been assigned the CVE identifier CVE-2023-22797.
Versions Affected: >= 7.0.0
Not affected: < 7.0.0
Fixed Versions: 7.0.4.1
Impact
There is a possible open redirect when using the redirect_to helper with
untrusted user input.
Vulnerable code will look like this:
redirect_to(params[:some_param])
Rails 7.0 introduced protection against open redirects from calling
redirect_to with untrusted user input. In prior versions the developer was
fully responsible for only providing trusted input. However the check
introduced could be bypassed by a carefully crafted URL.
All users running an affected release should either upgrade or use one of
the workarounds immediately.
Workarounds
There are no feasible workarounds for this issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| actionpack | lt | 7.0.0 | |
| actionpack | lt | 7.0.4.1 |
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.0%