CVE-2023-22797

Summary

An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/ahttps://github.com/rails/rails7.0.4.1affected

Weaknesses

  • CWE-601: Open Redirect (CWE-601)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References