CVE-2023-28362

Published: Jan 9, 2025Modified: May 2, 2025

4.0

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.5 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header.

Related CWEs

CWE-116

Improper Encoding or Escaping of Output

The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (5)

https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132

Source: support@hackerone.com

https://github.com/advisories/GHSA-4g8v-vg43-wpgf

Source: support@hackerone.com

https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441

Source: support@hackerone.com

https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5

Source: support@hackerone.com

https://security.netapp.com/advisory/ntap-20250502-0009/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.