← Back

Actionpack

actionpack

Vendor: Actionpack Project • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-22797
2Actionpack Project
Rubyonrails
2Actionpack
Rails
Mar 24, 2025
Feb 9, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only p...Show more
An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.Show less