CVE-2021-22885

Summary

A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.0 when using the redirect_to or polymorphic_urlhelper with untrusted user input.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/rails6.1.3.1, 6.0.3.7, 5.2.4.6, 5.2.6affected

Weaknesses

  • CWE-209: Information Exposure Through an Error Message (CWE-209)

ADP Enrichment

CVE Program Container

Additional References

References