CVE-2023-22797

CVE-2023-22797 concerns an open redirect in Rails. Rails 7.0.4.1 fixed open redirects from redirect_to with untrusted input; in prior versions a carefully crafted URL could bypass protections and cause an open redirect. The vulnerability affects versions before 7.0.4.1; remediation is to upgrade ...