actionpack is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the redirect_to function in redirecting.rb does not properly check the provided URL for illegal characters. As a result, downstream services that enforce RFC compliance on HTTP response headers remove the assigned Location header, possibly resulting in cross-site scripting attacks.
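
One way to apply the missing character check in application code before a URL reaches redirect_to, shown as an added example that is not actionpack's own code. The helper names safe_location and audit, the error class, the exact byte set and the sample URLs are assumptions made for illustration.

```ruby
# Bytes an RFC-compliant HTTP stack does not accept in a header field value:
# C0 control characters except HTAB (0x09), plus DEL (0x7F).
# (Assumed set for this example; not copied from actionpack.)
ILLEGAL_HEADER_BYTES = /[\x00-\x08\x0A-\x1F\x7F]/n

class UnsafeLocationError < ArgumentError; end

# Hypothetical helper: returns the URL unchanged when it can be placed in a
# Location header, and raises otherwise so no response is emitted whose
# Location header a downstream service would strip.
def safe_location(url)
  url = String(url)
  bytes = url.b # work on raw bytes so invalid UTF-8 cannot abort the check
  raise UnsafeLocationError, "empty redirect target" if bytes.strip.empty?
  if (m = ILLEGAL_HEADER_BYTES.match(bytes))
    raise UnsafeLocationError,
          format("illegal byte 0x%02X at offset %d", m[0].ord, m.begin(0))
  end
  url
end

# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
  "https://example.com/account",
  "https://example.com/\x00next",
  "https://example.com/a\r\nb"
].freeze

# Returns [url, :ok] or [url, reason] for each candidate redirect target.
def audit(urls)
  urls.map do |u|
    begin
      safe_location(u)
      [u, :ok]
    rescue UnsafeLocationError => e
      [u, e.message]
    end
  end
end

if $PROGRAM_NAME == __FILE__
  audit(SAMPLES).each { |u, verdict| puts "#{u.inspect} => #{verdict}" }
end
```

Calling the helper on any user-influenced value before it is handed to redirect_to turns a silently dropped Location header into an explicit error that can be logged and handled.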