CVE-2023-28362
4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Rails | Action Pack | 7.0.5.1 < 7.0.5.1 | affected |
| Rails | Action Pack | 6.1.7.4 < 6.1.7.4 | affected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
- https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132
- https://github.com/advisories/GHSA-4g8v-vg43-wpgf
- https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441
- https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.